if the daemon is hacked the intruder gets root's rights immediately
other dameons run as root
well, i should say it's a security issue...
A 07:43 21/02/2001 -0500, vous avez écrit :
>hmm,..well, does it matter if the named daemon runs as root,..is this a
>serious problem??
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Thierry ITTY
>Sent: Tuesday, February 20, 2001 9:32 AM
>To: [EMAIL PROTECTED]
>Subject: Re: upgrading BIND 8.2.2
>
>
>just RTFM and you'll see that the -u flag is only available with linux for
>kernels > 2.3.99, so just remove the "-u named" option in the startup
>script and it will work
>
>please note that the ability to switch to another user (ie named) looks
>interesting for security issues, so maybe we'd have both to consider moving
>to a 2.4 kernel ;-)
>
>btw note too that named does NOT load domains which have no default TTL, so
>I added a $TTL line at the beginning of every zone definition file (direct
>and reverse) BUT the hints file. it just complains about an invalid ttl
>value but unlike bind 8 which loaded the zone despite this lack, bind 9
>just doesn't load it (a bit silently i think)
>
>hth,
>
>
>
>
>A 21:12 19/02/2001 -0500, vous avez écrit :
>>
>>Here's the problem....i've upgraded bind 8.2.2 p7 to bind 9.01,..i should
>>let you know im running redhat 6.2 with kernel 2.2.17....anyway,..first of
>>all it seems to copy the binary to /usr/local/sbin/named,..instead of
>>/usr/sbin/named like with 8.2.2,..so i copied the new named binary to the
>>/usr/sbin/named and ran /etc/rc.d/init.d/named start and recieved the
>>following error:
>>
>>
>>Shutting down named: [FAILED]
>>Starting named: named: -u not supported on Linux kernels older than
>>2.3.99-pre3 when using threads
>>[FAILED]
>>
>>
>>I have know clue why this doesn't start, does this mean i cant run BIND
>9.01
>>on Redhat 6.2 using kernel 2.2.17.....has anyone else had this problem??
>>
>>how can i fix this,..so i can start the daemon using "named -u named"
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> An optimist believes we live in the best of all possible worlds. A
>>pessimist is sure of it!
>>
>>
>>---
>>Outgoing mail is certified Virus Free.
>>Checked by AVG anti-virus system (http://www.grisoft.com).
>>Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001
>>
>>
>>
>>_______________________________________________
>>Redhat-list mailing list
>>[EMAIL PROTECTED]
>>https://listman.redhat.com/mailman/listinfo/redhat-list
>>
>>
> - * - * - * - * - * - * -
>Mes idees n'engagent que moi (vieux proverbe du Net)
>
>Thierry ITTY
>eMail: [EMAIL PROTECTED] FRANCE
>
>
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
>
>
- * - * - * - * - * - * -
Mes idees n'engagent que moi (vieux proverbe du Net)
Thierry ITTY
eMail: [EMAIL PROTECTED] FRANCE
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
