NDC vs. kill -HUP
Jim Reid
jim at rfc1035.com
Fri Aug 18 18:03:33 UTC 2000
>>>>> "joseph" == joseph lang <tcnojl1 at earthlink.net> writes:
joseph> jim did a good job of laying out the "PRO" side. Here's
joseph> the "CON" Some flavors of unix have security problems with
joseph> unix domain sockets. This allows a normal user to control
joseph> BIND. Kill -HUP doesn't suffer from this flaw.
This flaw is easily fixed, even in systems where the permission checks
on UNIX domain sockets is broken. There's even a warning about this OS
stupidity in the README file and a workaround for the problem. As you
say, "kill -HUP" doesn't have that flaw. But you have to be the UID
that owns the name server process to be able to send that signal. And
you assume that a given signal always has the same effect on the name
server. This isn't necessarily so. Off the top of my head, any signal
apart from HUP that's sent to a BIND9 name server will terminate the
process. So carry on using signals. You'll probably get a nasty
suprise one day.
More information about the bind-users
mailing list