is it safe to chmod +s named?
Bryan Irvine
sparctacus at gmail.com
Wed Oct 29 02:35:49 UTC 2008
On Tue, Oct 28, 2008 at 7:15 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
> In message <611607.56975.qm at web45312.mail.sp1.yahoo.com>, Jeff Pang writes:
>> Hello,
>>
>> I need to let apache start/stop named.
>> I set: chmod +s named, so httpd (run with nobody) can stop/start it.
>> Is it safe for this behavior? thanks.
>
> In general, no. Named is not designed to be run suid root.
> A ordinary user can do all sorts of damage with named.
>
> I would suggest that you create a wrapper which then exec's
> named with arguements that you deem safe. This wrapper can
> be suid root.
*cough*sudo*cough* ;-)
-Bryan
More information about the bind-users
mailing list