Re: To the bind maintainer
On 21 Jan 2000, Greg Stark wrote:
> If you want to improve security you should implement a kernel interface for
> non-root users to be able to do what named does. Then propose this again.
I think it is called linux capabilities. If someone wants to make bind
more secure arrange for it to run as nobody with bind-to-any-port
capability (or something like that)
That is the best way to go, needs a bind patch though!
I'm not sure how a nobody running bind can write its zone cache files
though..
Jason
Reply to: