[bind10-dev] Possible suid root on b10-sockcreator
Jeremy C. Reed
jreed at isc.org
Fri Dec 16 21:06:52 UTC 2011
We need to consider different users/groups for different run-time
components. A good example is stats-httpd (running on same system)
should not have privileges to modify zone data stores or configuration
JSON file.
As an idea bind10 starts as root, and its configurations knows the
user:group to run each component as. But if bind10 drops its own
privileges then it can't restart them as desired.
Postfix master is a common example -- it runs as root. Look at DJB's
qmail, uscpi-tcp, and daemontools svscan for other proven examples.
More information about the bind10-dev
mailing list