
Re: To the bind maintainer



* Onno Ebbinge said:

> >> running named non-root and let YOU choose if you want 
> >> to run named root or non-root! With a little effort 
> >> you can get more security. 
> >Did you *really* read what's said in the README.Debian? I'll just quote the
> >relevant part:
> 
> Yes, but did -you- *really* read my compromise?
It was not a compromise. Read on.
 
> >"Note that if you run named as a user other than root, it will not be able to
> >find new interfaces that appear dynamically, such as during a PCMCIA card
> >insertion, or if you're running some flavors of IPSEC and/or IP over IP
> >tunnels."
> 
> Then write a post install script that states this! 
> THEN ask the user the next question:
> 
> Do you want to run named as a user other than root? (Y/N): [N]
> 
> Note the default! But when I want to run named as a user other
> than root because I'm a little nervous about security then
> I should have that possibility! (and say Y!) Instead of patching
> /etc/init.d/bind.
You still seem to miss the point. The problem is not with bind starting as
another user but with running it on a machine with dynamically changing IP
interfaces. bind watches for interfaces going up and down and attaches
itself to listen on any of these interfaces that may appear. Now, since the
DNS port is 53 TCP/UDP, bind has to be root to do it successfully. After being
started as root, AFAIR, bind drops the root privileges completely. If you
have a notebook or (as said in the README) are using some tunneling stuff, you
might have interfaces going up and down dynamically all the time. If bind
isn't run as root then you'd have to restart it BY HAND every time any
interface changes.
As to your security objection and the huge effort of modifying the bind
startup file - you do it just ONCE and then forget it. OTOH, the solution
with asking a question during the install time would be quite OK. Still, if
you answer N to the question above, you'd still have to modify the startup
script by hand should you change your mind :))

regards,
marek
