Re: To the bind maintainer
On Sat, 22 Jan 2000, Ethan Benson wrote:
> >I think it is called linux capabilities. If someone wants to make bind
> >more secure arrange for it to run as nobody with bind-to-any-port
> >capability (or something like that)
>
> this requires filesystem support to store the capabilities, which is
> not done yet.
No it doesn't. You just run it as root and have it make the proper
capabilities syscalls before switching to not-root. You need the FS patch
if you want to do the above *without* changing bind's source.
Check out how proftpd does it.
Jason
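
The sequence described in the reply above, as an added example that is not part of the original message and is not taken from bind or proftpd. It assumes a Linux kernel with the v3 capability ABI and uses the raw capset syscall; `fill_caps`, `set_caps` and `drop_root_keep_bind` are hypothetical names, and the UID/GID in `main` are an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fill the two-word v3 capability sets from a 64-bit mask (hypothetical helper). */
void fill_caps(struct __user_cap_data_struct d[2], unsigned long long mask)
{
    for (int i = 0; i < 2; i++) {
        d[i].effective = d[i].permitted = (__u32)(mask >> (32 * i));
        d[i].inheritable = 0;            /* nothing is passed on across exec */
    }
}

static int set_caps(unsigned long long mask)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    fill_caps(d, mask);
    return (int)syscall(SYS_capset, &h, d);
}

/* Call as root at startup. Returns 0 on success, -1 with errno set. */
int drop_root_keep_bind(uid_t uid, gid_t gid)
{
    const unsigned long long bind = 1ULL << CAP_NET_BIND_SERVICE;
    const unsigned long long ids  = (1ULL << CAP_SETUID) | (1ULL << CAP_SETGID);
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* not a drop */
    /* 1. Still root: shrink to the bind cap plus what the switch itself needs. */
    if (set_caps(bind | ids) < 0) return -1;
    /* 2. Ask the kernel to keep the permitted set across the UID change. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -1;
    /* 3. Become the unprivileged user; groups must be changed before the UID. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -1;
    /* 4. The UID change cleared the effective set: re-raise only the bind cap
     *    and give up CAP_SETUID/CAP_SETGID for good. */
    if (set_caps(bind) < 0) return -1;
    /* 5. Fail closed if root can still be regained. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* 65534 is "nobody" on many systems (assumption); open sockets after this. */
int main(void) { return drop_root_keep_bind(65534, 65534) == 0 ? 0 : 1; }
```

A daemon would call this once, after reading its configuration and before opening listening sockets; ports below 1024 can still be bound afterwards.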