On Thu, Sep 23, 2004 at 11:35:08PM -0400, Robert Huff wrote:
> 
> Matthew Seaman writes:
> 
> >  Why do you think /etc/namedb should be owned by the bind user?
> 
>       Because I read - not sure where, might have been the O'Reilly
> book - a) the first step in securing bind is running as !root
> (i.e. user "bind") and b) the bind directory needs to be owned by
> that user.
>       Now maybe I'm mis-remembering, or mis-read in the first place
> ... but I'm not pulling this out of thin air.

Certainly running bind as a non-root user is essential, as is clearly
stated in the O'Reilly DNS and Bind book.  However I can't see any
specific instructions on what ownership and permissions that directory
should have, although I don't claim to have managed to make a thorough
search through that book this morning.
 
I'd tend to think about these things in terms of 'least privilege'.
If someone can subvert your bind process by some sort of buffer
overflow exploit (say), then what damage can they do?  You can assume
that they've got a process with all of the credentials of the bind
user.  That means they can write to any files that the bind user can
write to, or read anything which bind has read permission on.  Using
the chroot features of bind and setting file ownerships and
permissions carefully will minimise your exposure.
 
        Cheers,
 
        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
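
The least-privilege question raised in the message above (which files could a process holding the bind user's credentials write to?), as an added example that is not part of the original e-mail. It compares a tree owned by the service account with one owned by another account; the directory names, modes and uid/gid values are constructed, and only classic mode bits are checked (no ACLs or file flags).

```python
import os
import stat
import tempfile

def access_for(mode, owner, group, uid, gids):
    """(can_read, can_write) for a non-root uid, from Unix mode bits only."""
    if uid == owner:                    # owner bits win even if group/other are wider
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif group in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return bool(mode & r), bool(mode & w)

def audit_tree(root, uid, gids):
    """Paths under root the given account could modify.

    A writable directory is reported too: whoever can write to it can
    create, rename or delete the entries inside it.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                # a symlink's own mode bits are not meaningful
            if access_for(st.st_mode, st.st_uid, st.st_gid, uid, gids)[1]:
                kind = "dir" if stat.S_ISDIR(st.st_mode) else "file"
                findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def demo():
    """Constructed stand-in for /etc/namedb; needs no chown, so it runs unprivileged."""
    with tempfile.TemporaryDirectory() as root:
        for d, mode in (("master", 0o755), ("slave", 0o775)):  # constructed layout
            os.mkdir(os.path.join(root, d))
            os.chmod(os.path.join(root, d), mode)
        for f in ("named.conf", "master/example.org.db"):
            open(os.path.join(root, f), "w").close()
            os.chmod(os.path.join(root, f), 0o644)
        os.chmod(root, 0o755)
        st = os.lstat(root)
        # Case 1: the service account owns the whole tree.
        owned = audit_tree(root, st.st_uid, set())
        # Case 2: a different account owns it; the service account is only in the group.
        grouped = audit_tree(root, st.st_uid + 1, {st.st_gid})
        return owned, grouped

if __name__ == "__main__":
    for label, result in zip(("service account owns tree", "group member only"), demo()):
        print(label, "->", result)
```

On a real host, call `audit_tree` with the tree's path and the service account's numeric uid and group ids.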
