BIND less restrictive modes and policy
Adam Tkac
atkac at redhat.com
Mon Jan 21 14:30:01 UTC 2008
On Mon, Jan 21, 2008 at 08:55:55AM -0500, Steve Grubb wrote:
> On Monday 21 January 2008 06:57:38 Adam Tkac wrote:
> > I'm going to do major revision of bind's file modes. Currenly We have
> > many files readable only by root and I can't see any reason why keep
> > binaries unreadable and unexecutable by other users.
>
> What other users would be sharing a DNS server? named is traditionally used
> only on servers. It is a high value target for hackers. If they can get the
> DNS server, they can alter where all users go when they are surfing the web
> (think mega-phishing attack). If an intruder gets access to the DNS server,
> they are going after named. DNS servers are constantly under attack.
Yes I know it. But I really don't know why We should keep binaries
non-readable for users. Source is open so why you need non-readable
binaries?
>
> > Also there isn't any reason why keep configuration private. Only this files
> > should not be readable by other users:
> > - /etc/rndc.key - who has it may control server through rndc utility
> > - /var/log/named.log - will have sensitive information
>
> I'd keep all the configuration private. For what reason would you make a high
> value target less secure?
Generally on production servers only administrators have access so I
don't think this is security issue. I think it's only feeling that
configuration has to be private but I'm ready keep config files private
if you think it really makes sence. But if some flaw is found and
exploited it can't protect you.
Adam
--
Adam Tkac, Red Hat, Inc.
More information about the fedora-devel-list
mailing list