daemon warning

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jul 1 15:46:22 UTC 2014


>You need to start named as root for it to be able to chroot. (Unless
>Solaris has some cunning fine-grained privilege feature I don't know
>about.)

On 01.07.14 15:18, Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> Ok so that was not a good troubleshooting technique, was trying to
> determine what did not have the correct permissions and thus causing the
> warning.  I guess I will go ahead and run it the way I have been for the
> last 5 years, unless I find it is causing me problems.

For now we have to trust BIND it will properly bind(), chroot() and drop
privileges...

does anyone know if there's a way to leave these (dropping privileges) to
other programs, so BIND and similar apps won't have to implement this on
their own? 
... on Linux or other OSes?
  
(taking care about security of a small program should be easier)

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]


More information about the bind-users mailing list