named under a different userid
Mark.Andrews at nominum.com
Wed Jan 5 22:54:53 UTC 2000
> All hacks and cracks could be avoided if named ran under a uid other than
> root. Right?
All running as a uid != root does is prevent an immediate root
shell if a new way to crack named is found. There are many more
potential ways available in most OS's to become root once you
have a shell than before.
> No one would be interested in breaking in through named if it
> ran as nobody (just like httpd does).
Not true, see my comments above.
>
> Would it suffice to use setuid just after the socket has opened?
You can now.
>
> David
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com