BIND less restrictive modes and policy

Manuel Wolfshant wolfy at nobugconsulting.ro
Tue Jan 22 02:18:10 UTC 2008


On 01/22/2008 03:17 AM, Andrew Farris wrote:
> Enrico Scholz wrote:
>> Adam Tkac <atkac at redhat.com> writes:
>>
>>> Also complete /var/named/* subtree will be writable by named
>>
>> This is bad. Only the slaves/ and data/ (for DDNS) dirs must be 
>> writable.
>> pz/ and the other parts of the chroot filesystem must be read-only for
>> named.
>
> And why exactly is that?  Any reference or reason?  What becomes 
> exploitable if that is changed?
>
Bind DID have security issues in the past, providing remote root. Just 
because we have selinux and that as far as we know NOW there are no 
attack methods is not a reason to lower the difficulty bar. Just give any 
application the minimum rights needed to do what it has to do.
Any method which raises the difficulty bar for a potential attacker -- 
especially when it is already available and taking into consideration 
potential DNS poisoning attacks --  is good. Lowering the bar with no 
real gain is bad.
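
The layout argued for in this thread (only slaves/ and data/ writable by named) can be checked with a short audit, shown here as an added example that is not part of the original messages. The function name and the use of a `named` group are assumptions; the check reads classic mode bits and ownership only, not ACLs or SELinux policy.

```shell
#!/bin/sh
# Added example (not from the thread): report directories under a BIND data
# root that the given account can write to, other than slaves/ and data/.
# Assumption: the daemon runs as user "named" with group "named"; pass other
# names or numeric ids if your system differs.
# Example call: audit_named_writable /var/named named named
audit_named_writable() {
    audit_root=${1%/}      # strip a trailing slash so relative paths line up
    audit_user=$2
    audit_group=$3

    # A directory counts as writable by the account when:
    #   it owns the directory and the owner write bit is set, or
    #   its group owns the directory and the group write bit is set, or
    #   the directory is world-writable.
    find "$audit_root" -type d \
        \( \( -user "$audit_user" -perm -0200 \) -o \
           \( -group "$audit_group" -perm -0020 \) -o \
           -perm -0002 \) -print |
    while IFS= read -r audit_dir; do
        audit_rel=${audit_dir#"$audit_root"}
        case $audit_rel in
            # Directories that legitimately need write access
            # (slave zone transfers and DDNS journals).
            /slaves|/slaves/*|/data|/data/*) ;;
            # Anything else is a finding; the root itself prints as "/".
            *) printf '%s\n' "${audit_rel:-/}" ;;
        esac
    done
}
```

Empty output means the tree matches the restrictive layout; each printed path is a directory the daemon could modify if it were compromised.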



