BIND 10 #180: b10 start auth server drop privs asap
BIND 10 Development
do-not-reply at isc.org
Mon May 31 07:23:03 UTC 2010
#180: b10 start auth server drop privs asap
--------------------------+-------------------------------------------------
Reporter: shane | Owner: shane
Type: enhancement | Status: accepted
Priority: major | Milestone: 05. 3rd Incremental Release
Component: Boss of BIND | Resolution:
Keywords: | Sensitive: 0
--------------------------+-------------------------------------------------
Changes (by shane):
* milestone: 04. 2nd Incremental Release: Early Adopters => 05. 3rd
Incremental Release
Comment:
I thought about this last week, and decided that it didn't make much
sense. If we drop permissions then we'll end up in a state where we can't
restart processes and so on.
I think it is better to implement the full privilege separation documented
on the PrivilegedSocketCreator page, which is beyond the scope of what we
had time for in the Y2 2nd release. Moving to Y2 3rd release!
--
Ticket URL: <http://bind10.isc.org/ticket/180#comment:2>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list