On Mon, Jan 21, 2008 at 04:57:21PM +0100, Adam Tkac wrote:
On Mon, Jan 21, 2008 at 09:48:53AM -0600, Chris Adams wrote:
Once upon a time, Adam Tkac atkac@redhat.com said:
- /var/named will be writable and read-only permissions will be set per-zone by admin
If the directory is writable, read-only file permissions are meaningless.
Maybe but what other solution will be better? I could create separate read-only directory inside /var/named (called "masters" for example) and put all read-only zones there but I'm not sure if admins will like it and use it.
That's why the root-only /var/named with writable subdirs was very nice. Your points about allowing core-dumps and other things like a non-complex setup are also valid, that's why I think we should stay thinking about this some more before reducing the security of bind.
regards,
Florian La Roche