On Sat, Jan 22, 2000 at 05:09:30PM +0100, Marek Habersack wrote: > * Michael Stone said: > > Every little bit helps. I'd rather have users who can't figure out why > > their bind isn't working (in which case they probably shouldn't be > > running bind) than users getting hit by a trivial root exploit. > The discussion gets off the original topic, I'm afraid. Nobody objected that > bind should be run as its own user - the only objection I had in response to > the original mail was that bind shouldn't be started as non-root without the > administrators knowledge to that effect. Asking in the postinstall stage how > to run bind and modifying /etc/init.d/bind accordingly would be just fine. And the only objection I have to that point of view is that we shouldn't start bind as root without the administrator's knowledge of the consequences of that action. The default should be the more secure configuration, not the more convenient configuration. Asking in the postinst if you want to run bind as root and modifying the init script would be fine. If the administrator sets debconf so they don't see questions, then they shouldn't get a bind that runs as root. -- Mike Stone
Attachment:
pgpBzyfJ66ozY.pgp
Description: PGP signature