* Michael Stone said:
> On Fri, Jan 21, 2000 at 06:42:53PM -0500, Greg Stark wrote:
> > If there were any actual security gains then it might make sense to disable
> > useful features for the security gains. As it is it merely downgrades a
> > hypothetical attack from a root-obtaining-exploit to a remote exploit that
> > doesn't obtain root but is a DOS and obtains non-root access to the machine.
>
> Every little bit helps. I'd rather have users who can't figure out why
> their bind isn't working (in which case they probably shouldn't be
> running bind) than users getting hit by a trivial root exploit.

The discussion gets off the original topic, I'm afraid. Nobody objected that bind should be run as its own user - the only objection I had in response to the original mail was that bind shouldn't be started as non-root without the administrator's knowledge to that effect. Asking in the postinstall stage how to run bind and modifying /etc/init.d/bind accordingly would be just fine.

> > If you want to improve security you should implement a kernel interface for
> > non-root users to be able to do what named does. Then propose this again.
>
> I'd love to see bind running chroot'ed also. But that requires more than
> a simple change to the init script; let's go one step at a time.

Yes, that's not quite that easy... I second that.

marek