On Sun, 23 Apr 2000, Derek Martin wrote:
> I deleted the message before I could reply to it, but someone just asked
> if RH configures named to run as a non-root user.  The named daemon binds
> to port 53, which is a "reserved" port, and requires root privileges for
> this operation.

  It would be nice if BIND dropped root privileges after binding to port 53,
though.

  It would be nicer still if Unix had a general mechanism for saying, "This
{user|group} can bind to this port".  We can already do it for devices by
changing permissions in /dev, but not for BSD sockets.

  I'd say the majority of serious Unix security exploits have come from
programs running as root, not because they needed full access to the system,
but because they needed access to one specific thing, but the only way to
grant that access was by running the program as root.

-- 
Ben Scott <[EMAIL PROTECTED]>
| "You may have a fresh start any moment you choose, for this thing we call   |
| 'failure' is not the falling down, but the staying down."  -- Mary Pickford |

