BIND less restrictive modes and policy
- From: Adam Tkac <atkac redhat com>
- To: fedora-devel-list redhat com
- Subject: BIND less restrictive modes and policy
- Date: Mon, 21 Jan 2008 12:57:38 +0100
Hi all,
I'm going to do a major revision of bind's file modes. Currently we have
many files readable only by root and I can't see any reason to keep
binaries unreadable and unexecutable by other users. Also there isn't
any reason to keep configuration private. Only these files should not
be readable by other users:
- /etc/rndc.key - who has it may control server through rndc utility
- /var/log/named.log - will have sensitive information
All others will be readable by all. Also the complete /var/named/* subtree
will be writable by named (for generating core files, DDNS updates,
secondary servers, generally for easier configuration).
Does anyone have arguments against such a change?
Regards, Adam
--
Adam Tkac, Red Hat, Inc.
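
One way to check a host or staging tree against the modes proposed in this message, as an added example that is not part of the original post or of the bind package. The function name and its ROOT/USER/GROUP arguments are hypothetical, and "writable by named" is assumed to mean owner or group write with no ACLs in use.

```shell
#!/bin/sh
# Added example: audit a tree against the file-mode policy proposed above.
# audit_bind_modes and its ROOT/USER/GROUP arguments are hypothetical names.

# True when "other" has the read bit on the given path.
world_readable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -o=r 2>/dev/null)" ]
}

# Usage: audit_bind_modes [ROOT] [USER] [GROUP]
# Prints one line per finding; returns 0 when the tree matches the policy.
audit_bind_modes() {
    root=${1:-} user=${2:-named} group=${3:-named} bad=0

    # The two files the proposal keeps private.
    for f in /etc/rndc.key /var/log/named.log; do
        if [ -e "$root$f" ] && world_readable "$root$f"; then
            echo "FAIL $f is readable by other users"
            bad=1
        fi
    done

    # Everything under /var/named must be writable by the named account,
    # either as owner or through its group (assumption: no ACLs in use).
    if [ -d "$root/var/named" ]; then
        unwritable=$(find "$root/var/named" \
            ! \( \( -user "$user" -perm -u=w \) -o \
                 \( -group "$group" -perm -g=w \) \) -print)
        if [ -n "$unwritable" ]; then
            echo "FAIL not writable by $user:"
            echo "$unwritable"
            bad=1
        fi
    fi
    return $bad
}
```

Call `audit_bind_modes` with no arguments to check the live system, or pass a prefix such as a package build root as the first argument.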