BIND should be treated with the utmost caution, as CERT has listed it as the #1 way to break into a computer and Im sure some of us have had k1dd13z on our systems because of it. I know I have seen this discussion before in old USENET posts, but I do think it would be a good idea to maybe include a debconf option that lets the user choose whether or not BIND would run as root. That way, upgrades of BIND could respect the setup and users could have safer defaults on their system.
Even if that doesn't happen, I think that should be in the Security HOWTO. -A. Dave Javier Fernández-Sanguino Peña wrote: >On Thu, Jan 03, 2002 at 03:34:32PM +0100, martin f krafft wrote: >(...) > >>but more importantly, if the question was how to secure bind, then let's >>not secure it by substituting... bind is still the #1 nameserver, and a >>thread like this (even though argued a million times) can be quite >>informative. >> > > The way to avoid this kind of threads over and over again is to *document* >them. I find that there are quite a number of people willing to answer emails in the >list but not willing to take some time and *write* about it. > > If anyone feels like writting a few paragraphs on how to secure BIND, improving >the existing documentation (of course, the Debian Security HOWTO), feel free to send >me >any material worth adding. > > Regards > > Javi > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
