Re: To the bind maintainer
On Jan 22, Greg Stark <gsstark@mit.edu> wrote:
>If you want to improve security you should implement a kernel interface for
>non-root users to be able to do what named does. Then propose this again.
The problem can be solved either by using my version of
start-stop-daemon with capabilities support or by modifying BIND to make
is spawn a small suid program which passes back open file descriptors.
BTW, BIND should be chrooted too. It's a pity our package does not
easily allow that.
--
ciao,
Marco
Reply to: