Running named as other than root
Cricket Liu
cricket at acmebw.com
Sun Nov 21 21:58:59 UTC 1999
> Is there any benefit, security or otherwise, to running named as other
than
> root?
>
> "named -u joesnuffy"
Sure. If your version of BIND proves vulnerable to say, a buffer overrun,
as many have, then people who capitalize on that bug to gain access to
the system that runs the name server will gain access as joesnuffy instead
of root.
You might also want to check out the -t <directory> option, which lets
you chroot() named to a particular directory.
cricket
Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com
Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class! See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.
More information about the bind-users
mailing list