BIND less restrictive modes and policy
Manuel Wolfshant
wolfy at nobugconsulting.ro
Tue Jan 22 02:18:10 UTC 2008
On 01/22/2008 03:17 AM, Andrew Farris wrote:
> Enrico Scholz wrote:
>> Adam Tkac <atkac at redhat.com> writes:
>>
>>> Also complete /var/named/* subtree will be writable by named
>>
>> This is bad. Only the slaves/ and data/ (for DDNS) dirs must be
>> writable.
>> pz/ and the other parts of the chroot filesystem must be read-only for
>> named.
>
> And why exactly is that? Any reference or reason? What becomes
> exploitable if that is changed?
>
Bind DID have security issues in the past, providing remote root. Just
because we have selinux and that as far as we know NOW there are no
atack methods is not a reason to lower the difficulty bar. Just give any
application the minimum rights needed to do what it has to do.
Any method which raises the difficulty bar for a potential attacker --
especially when it is already available and taking into consideration
potential DNS poisoning attacks -- is good. Lowering the bar with no
real gain is bad.
More information about the fedora-devel-list
mailing list