On Fri, Jan 21, 2000 at 04:26:10PM +0100, Marek Habersack wrote:
> You still seem to miss the point. The problem is not with bind starting as
> another user but with running it on a machine with dynamically changing IP
> interfaces. bind watches for interfaces going up and down and attaches
> itself to listen on any of these interfaces that may appear. Now, since the
> DNS port is 53 TCP/UDP bind has to be root to do it successfully. After being
> started as root, AFAIR, bind drops the root privileges completely. If you
> have a notebook or (as said in the README) using some tunneling stuff, you
> might have interfaces going up and down dynamically all the time. If bind
> isn't run as root then you'd have to restart it BY HAND every time any
> interface changes.
> As to your security objection and the huge effort that modifying the bind
> startup file - you do it just ONCE and then forget it. OTOH, the solution
> with asking a question during the install time would be quite OK. Still, if
> you answer N to the question above, you'd still have to modify the startup
> script by hand should you change your mind :))

I disagree with these priorities. The default should be as secure as
possible. If we can get a little advantage by running as non-root, we should
do it. If someone has a requirement that won't work with that configuration
they should change whatever they need to. *But* they should have to take a
definite action to reduce their security--it should not be done by default.

--
Mike Stone