BIND less restrictive modes and policy
Florian La Roche
laroche at redhat.com
Mon Jan 21 16:10:58 UTC 2008
On Mon, Jan 21, 2008 at 04:57:21PM +0100, Adam Tkac wrote:
> On Mon, Jan 21, 2008 at 09:48:53AM -0600, Chris Adams wrote:
> > Once upon a time, Adam Tkac <atkac at redhat.com> said:
> > > - /var/named will be writable and read-only permissions will be set
> > > per-zone by admin
> >
> > If the directory is writable, read-only file permissions are
> > meaningless.
> >
>
> Maybe but what other solution will be better? I could create separate
> read-only directory inside /var/named (called "masters" for example)
> and put all read-only zones there but I'm not sure if admins will like
> it and use it.
That's why the root-only /var/named with writable subdirs was very nice.
Your points about allowing core-dumps and other things like a non-complex
setup are also valid, that's why I think we should stay thinking about
this some more before reducing the security of bind.
regards,
Florian La Roche
More information about the fedora-devel-list
mailing list