BIND less restrictive modes and policy
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Tue Jan 22 08:27:14 UTC 2008
Andrew Farris <lordmorgul at gmail.com> writes:
>> pz/ and the other parts of the chroot filesystem must be read-only
>> for named.
>
> And why exactly is that?
To give only the required rights has been a common and working practice for
years to secure daemons. Fedora should not forget classical ways
(own uid, chroot environments, restrictive permissions) just to give
something like "easier configuration" (where I cannot see how mixing
all and everything into a single dir can ease configuration).
Enrico