is it safe to chmod +s named?

Mark Andrews Mark_Andrews at isc.org
Wed Oct 29 02:15:58 UTC 2008


In message <611607.56975.qm at web45312.mail.sp1.yahoo.com>, Jeff Pang writes:
> Hello,
> 
> I need to let apache start/stop named.
> I set: chmod +s named, so httpd (run with nobody) can stop/start it.
> Is it safe for this behavior? thanks.

	In general, no.  Named is not designed to be run suid root.
	An ordinary user can do all sorts of damage with named.

	I would suggest that you create a wrapper which then exec's
	named with arguments that you deem safe.  This wrapper can
	be suid root.

	Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
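
The kind of wrapper suggested above, as an added example that is not part of the original message and is not ISC code: it accepts one fixed request word, discards the caller's arguments and environment, and execs named with a hard-coded command line. The binary path, the config path, the `named` account and the `start` keyword are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed install path; adjust for the local system. */
#define NAMED_PATH "/usr/sbin/named"

/* Fixed argument vector: nothing here is taken from the caller.
 * -u (run as this user after startup) and -c (config file) are
 * standard named options; the account and file names are assumed. */
static char *const SAFE_ARGV[] = {
    "named", "-u", "named", "-c", "/etc/named.conf", NULL
};

/* Fixed environment that replaces whatever the caller exported,
 * so variables such as LD_PRELOAD or a hostile PATH never reach named. */
static char *const SAFE_ENVP[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL
};

/* Allow exactly one argument, the literal word "start".
 * Returns 1 if the request is acceptable, 0 otherwise. */
int request_allowed(int argc, char *const argv[])
{
    return argc == 2 && argv[1] != NULL && strcmp(argv[1], "start") == 0;
}

int main(int argc, char *argv[])
{
    if (!request_allowed(argc, argv)) {
        fprintf(stderr, "usage: named-start start\n");
        return 2;
    }
    /* The suid bit gives euid 0 only; set the real ids too so named
     * starts as root and can then drop to the -u account itself. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setuid/setgid");
        return 1;
    }
    /* Absolute path plus execve: no PATH search, no inherited env. */
    execve(NAMED_PATH, SAFE_ARGV, SAFE_ENVP);
    perror("execve");   /* reached only if the exec failed */
    return 1;
}
```

The wrapper binary, not named itself, is the file that would be owned by root and carry the suid bit, with execute permission limited to the group the web server runs in.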

