
Re: default security



On Tue, Jan 15, 2002 at 01:16:12PM +0100, Javier Fernández-Sanguino Peña wrote:
> On Tue, Jan 15, 2002 at 10:21:00AM +0100, Tarjei wrote:
[snip]
> > Debian being what it is, are there any reasons why the
> > debian bind package should not be chroot as the default
> > installation?
> 
> 	RTFM. That is:
> http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind
> 
> 	:) 
[snip]

The above link contains the following:

	FIXME (jfs): I'm not sure about this, shouldn't bind
	files be chown'ed to the groups created? Some files
	might need rw permissions in order for bind to work
	correctly; for example: if the name server is being used
	as a cache the cache files need to be written on hard
	disk. Also, if the DNS server is secondary, it might
	need to transfer zones from the primary and write them
	on hard disk too. This should be clarified.

My opinion is that things that need to be writable should be
owned by the user that runs named, but everything else should be
owned by root.

i.e. secondary zones etc., should be owned by the user that runs
named.  If you're doing dynamic DNS, the primary zones will also
need to be writable.  named.conf (and primary zones if you're
not doing dynamic DNS) should be owned by root and not writable
by named.

This way, if there's a bind exploit, an attacker can't corrupt
your zone files or config file (except for the secondary zones.)

Of course, they may still be able to make the DNS server serve
incorrect information, but at least it's another hurdle for them
to jump over.

-- 
Michael Wood <mwood@its.uct.ac.za>
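
An added example, not part of the original message or of the HOWTO it quotes: a small audit of a bind directory against the ownership rule described above, reporting every path the account running named could modify outside the areas meant to be writable. The function names, the sample file layout and the "secondary" directory name are assumptions made for illustration.

```python
import os
import stat

def named_can_modify(st, uid, gids):
    """True if a process with this uid/gids could alter the inode's contents."""
    if st.st_uid == uid:
        return True  # the owner can always chmod write access back on
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, uid, gids, writable_ok):
    """List paths (relative to root) that named could modify but should not.

    writable_ok: relative paths meant to be writable (e.g. secondary zones);
    anything at or below them is skipped. Directories are checked too, since
    write access to a directory allows replacing the files inside it.
    """
    allowed = [os.path.normpath(p) for p in writable_ok]
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            rel = os.path.normpath(os.path.relpath(path, root))
            if any(rel == a or rel.startswith(a + os.sep) for a in allowed):
                continue
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if named_can_modify(st, uid, gids):
                findings.append(rel)
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout (hypothetical names), modes set explicitly."""
    layout = {
        "named.conf": 0o644,
        "primary/db.example": 0o644,
        "primary/db.loose": 0o666,      # world-writable by mistake
        "secondary/db.slave": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("; constructed sample\n")
        os.chmod(path, mode)
    for d in ("", "primary", "secondary"):
        os.chmod(os.path.join(base, d), 0o755)
    return base
```

On a real system, pass the uid and group ids of the account named runs as, and list only the directories that have to be writable (secondary zones, plus primary zones when dynamic DNS is in use).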


