[csw-maintainers] How about this BIND bug?
Philip Brown
phil at bolthole.com
Mon Mar 9 21:55:09 CET 2009
On Mon, Mar 09, 2009 at 09:27:45PM +0100, Peter Bonivart wrote:
> I just got a bug report from someone trying to run BIND in chroot.
>
> http://www.opencsw.org/mantis/view.php?id=3460
>
> Is this something we're supposed to support? I'm updating the package
> quickly to keep up with safety concerns and it already runs as an
> unprivileged user as it is. Doesn't this bug go beyond what the
> package is supposed to deliver?
>
> I would be willing to include documentation though on how to run it chroot'ed.

Seems like someone was nice enough to step up and help on this, so that's
great :)

I thought I'd write some thoughts in the interests of addressing the
"general principle" of it though...

Our primary goal is to make our software [straightforward and easy to use]
for our users.

Running BIND in a chroot jail is common practice for that piece of
software. Some security-conscious people would argue that it is
the ONLY "safe" way to run it.
[I wouldn't agree, but that's not the point :-)]

Because of this, I think that in this specific case, it would be very
appropriate for us to try to make that a one-step option.

And, happily, sounds like we are going to. So I look forward to seeing
the bind_chroot package ;-)

I'm not entirely sure that it's really necessary to have a separate
package for it.... but if it helps split up the labour required for us to
support it, I'm ok with it.