Re: To the bind maintainer
[snip]
>You still seem to miss the point. The problem is not with bind starting as
>another user but with running it on a machine with dynamically changing IP
>interfaces. bind watches for interfaces going up and down and attaches
>itself to listen on any of these interfaces that may appear. Now, since the
>DNS port is 53 TCP/UDP bind has to be root to do it successfully.
I know this.
>After being
>started as root, AFAIR, bind drops the root privileges completely.
That's the point.
>If you
>have a notebook or (as said in the README) using some tunneling stuff, you
>might have interfaces going up and down dynamically all the time. If bind
>isn't run as root then you'd have to restart it BY HAND every time any
>interface changes.
I agree, so let the user -choose- how he wants to run bind.
>As to your security objection and the huge effort that modifying the bind
>startup file - you do it just ONCE and then forget it. OTOH, the solution
>with asking a question during the install time would be quite OK. Still, if
>you answer N to the question above, you'd still have to modify the startup
>script by hand should you change your mind :))
My problem is that when there is a bind upgrade the post install script
stops the old bind and starts the new one WITH UID/GID root! So I 'have
to restart it BY HAND every time' the bind package changes, IF I catch
the change...
I understand your objections completely and I agree, so I retract my initial
proposal and make a new one: let the user choose ... !
I'm glad that you pointed this problem out and let's DO something with it!
Regards,
Onno