On Thu, Dec 03, 2009 at 03:30:15PM -0500, Mark Romer wrote:
> All, thanks for the responses so far.
>
> I work for the Fed and we have to setup a dns sec bind server on our end. I
> was just reading some of their "advice" on setting up the server...
>
> 2. Mount BIND's chroot filesystem with the noexec,nosuid,nodev options.
>
> Of course all their instructions are for redhat and debian, but I want to do
> this on openbsd......
On OpenBSD, the bind chroot is in /var, which is by default
nosuid,nodev (if it is a seperate partition).
-Otto
>
> thanks, Mark
>
> On Thu, Dec 3, 2009 at 2:26 PM, Christopher Linn <[email protected]> wrote:
>
> > On Thu, Dec 03, 2009 at 02:08:29PM -0500, Mark Romer wrote:
> > > Hello All,
> > > Sorry if it has been asked in the past, but is it ok to mount the /usr
> > > partition as nosuid?
> > > What if any default programs will that break? And also does that give me
> > > any added security benefits?
> > > Running 4.6 release generic i386
> > > thanks, Mark
> >
> > why do you want to do this? (what problem are you trying to solve?)
> >
> > cel
> >
> > --
> > Christopher Linn <celinn at mtu.edu> | By no means shall either the CEC
> > System Administrator II | or MTU be held in any way liable
> > Center for Experimental Computation | for any opinions or conjecture I
> > Michigan Technological University | hold to or imply to hold herein.
