On Thu, Sep 23, 2004 at 11:35:08PM -0400, Robert Huff wrote: > > Matthew Seaman writes: > > > Why do you think /etc/namedb should be owned by the bind user? > > Because I read - not sure where, might have been the O'Reilly > book - a) the first step in securing bind is running as !root > (i.e. user "bind") and b) the bind directory needs to be owned by > that user. > Now maybe I'm mis-remembering, or mis-read in the first place > ... but I'm not pulling this out of thin air.
Certainly running bind as a non root user is essential, as is clearly stated in the O'Reilly DNS and Bind book. However I can't see any specific instructions on what ownership and permissions that directory should have, although I don't claim to have managed to make a thorough search through that book this morning. I'd tend to think about these things in terms of 'least privilege'. If someone can subvert your bind process by some sort of buffer overflow exploit (say), then what damage can they do? You can assume that they've got a process with all of the credentials of the bind user. That means they can write to any files that the bind user can write to, or read anything which bind has read permission on. Using the chroot features of bind and setting file ownerships and permissions carefully will minimise your exposure. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Description: PGP signature