Re: To the bind maintainer

To: Ethan Benson <erbenson@alaska.net>
Cc: Greg Stark <gsstark@mit.edu>, glen@transecure.com, debian-devel@lists.debian.org
Subject: Re: To the bind maintainer
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Fri, 21 Jan 2000 19:55:23 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.1000121195149.13278B-100000@wakko.deltatee.com>
In-reply-to: <v04220808b4aeca81fe6f@[192.168.0.1]>

On Sat, 22 Jan 2000, Ethan Benson wrote:

> >I think it is called linux capabilities. If someone wants to make bind
> >more secure arrange for it to run as nobody with bind-to-any-port
> >capability (or something like that)
> 
> this requires filesystem support to store the capabilities, which is 
> not done yet.

No it doesn't. You just run it as root and have it make the proper
capabilities syscalls before switching to not-root. You need the FS patch
if you want to do the above *without* changing bind's source.

Check out how proftpd does it.

Jason

Reply to:

Follow-Ups:
- Re: To the bind maintainer
  - From: Marek Habersack <grendel@vip.net.pl>
- Re: To the bind maintainer
  - From: md@linux.it (Marco d'Itri)

References:
- Re: To the bind maintainer
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: Bulgarian additions to Debian
Next by Date: Re: To the bind maintainer
Previous by thread: Re: To the bind maintainer
Next by thread: Re: To the bind maintainer
Index(es):
- Date
- Thread