My named is running as root too.
I see two instances of the daemon function in the /etc/rc.d/init.d/named
script. One is for start, the other is for hard restart.
Do I need to change both of them to use -u & -g options?
Do I need to create the user and group of named?

Thanks,
Jabie
mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kevin D
Sent: Monday, June 11, 2001 8:30 AM
To: [EMAIL PROTECTED]
Subject: Re: [cobalt-security] profile of a bind worm


From: "Robson Martins" <[EMAIL PROTECTED]>

> Hey all, I have bind-8.2.3 running here. My question is, when I run it with
> start it is the user named, but if I restart, it gets the root username. Is
> it a problem? Can I receive a worm with this problem? Does named always need
> to run as named? Is restart really affecting the username?

How are you restarting? Your /etc/rc.d/init.d/named script should have this
in the start section:

daemon named -u named -g named

Which should start bind as user named if you do this:

/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start

Bind running as root is a problem, but less of a problem if you have ver
8.2.3. If a new bind vulnerability is discovered for ver 8.2.3, a hacker
could easily gain root access to your box. What saved me from the worst
effects of a bind worm was bind running as named instead of root.

Kevin

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
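
An added example, not part of the original thread: a shell check that reports every `daemon named` call in an init script that lacks the `-u` and `-g` options Kevin's line uses, so a restart branch that starts BIND as root is caught along with the start branch. The names `check_named_init` and `sample_init` and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag every "daemon named" call in an init script that would
# leave BIND running as root (no -u / -g), whichever branch it sits in.

# check_named_init [FILE]   (hypothetical helper; reads stdin if FILE is omitted)
# Exit status: 0 = every call drops privileges, 1 = at least one does not,
#              2 = no "daemon named" call found.
check_named_init() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)            # trimmed copy for the report
        sub(/#.*/, "")                      # ignore comments
        for (i = 1; i < NF; i++) {
            if ($i != "daemon") continue
            prog = $(i + 1)
            sub(/.*\//, "", prog)           # accept /usr/sbin/named too
            if (prog != "named") continue
            found++
            u = g = 0
            for (j = i + 2; j < NF; j++) {  # option must be followed by a value
                if ($j == "-u") u = 1
                if ($j == "-g") g = 1
            }
            if (!u || !g) {
                bad++
                printf "line %d: named started without -u and -g: %s\n", NR, line
            }
        }
    }
    END {
        if (!found) exit 2
        exit (bad ? 1 : 0)
    }' "$@"
}

# Constructed sample (not a real Cobalt script): start drops privileges,
# restart does not, which is the situation asked about in the thread.
sample_init() {
cat <<'EOF'
#!/bin/sh
# constructed sample init script
case "$1" in
  start)
    daemon named -u named -g named
    ;;
  restart)
    daemon named
    ;;
esac
EOF
}

sample_init | check_named_init || echo "exit status: $?"
```

Run it against the real script with `check_named_init /etc/rc.d/init.d/named`; a non-zero status means at least one branch needs the options added.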
