[2571] in Release_7.7_team

BIND (Was: Minutes of 2000-01-13 release-team meeting)

daemon@ATHENA.MIT.EDU (andrew m. boardman)
Wed Jan 31 17:23:23 2001

Date: Wed, 31 Jan 2001 17:23:14 -0500 (EST)
Message-Id: <200101312223.RAA02579@karst.mit.edu>
From: "andrew m. boardman" <amb@MIT.EDU>
To: ghudson@mit.edu
CC: release-team@mit.edu
In-reply-to: Greg Hudson's message of Wed, 31 Jan 2001 15:06:35 -0500
	<200101312006.PAA02968@equal-rites.mit.edu>


Sorry to have missed the relevant part of the meeting; with regard to BIND:

>We might also consider making bind run as nobody, depending on how
>hard that is.

The stock BIND 8 facilities for running non-root, and for running
chrooted (-i <user> -t <directory>), work quite well.

(I also have some dusty old patches for BIND<8 to run non-root, should
anyone need same for some horrible reason.  I've always run on the
assumption that there's *always* an undiscovered overflow in BIND, just
waiting for the next rootkit-du-jour.  Haven't been wrong yet.)
