Yes, a non-privileged user should be created and used to run
named. RH6.2 does, by default on new installs, create a user called
'named' and runs the named process as that user. There have been some
well-documented buffer overflow problems in named. Exploits to these are
automated and someone can attack a machine running named and gain access
as the user running the process; if it is root then the person has
control of the machine. The most current version of BIND, shipped with
RH6.2, closes off known buffer overflow problems, but there may be others
lurking. Best to avoid the problem and run named as a non-privileged
user.
- rick warner -
On Tue, 18 Apr 2000, Brad Cramer wrote:
> in the script /etc/rc.d/init.d/named it calls for named to start as:
> named -u named
> I am not sure how it worked in 6.1 but you might try changing the script or
> adding a user named. I think I did not have a problem because I did a clean
> install
> Hope that helps
> Brad
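
Added example (not part of the original messages): a shell check of the two points raised in this thread, that the init script starts named with `-u <user>` and that this user exists with a non-zero uid. The function names, the uid 25 and the sample files are constructed for illustration, and it assumes the init script itself is executed by root.

```shell
#!/bin/sh
# Added example: audit how an init script starts named.
# Assumption: the init script is run by root, so without -u named stays root.

# Print the user given as "named -u <user>" in init script $1 (empty if none).
named_run_user() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        {
            seen = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "named" || $i ~ /\/named$/) { seen = 1; continue }
                if (seen && $i == "-u" && i < NF) { print $(i + 1); exit }
            }
        }
    ' "$1"
}

# Print the uid of user $1 in passwd-format file $2 (empty if absent).
passwd_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$2"
}

# Verdict for init script $1 and passwd file $2.
# Returns 0 = ok, 1 = no -u, 2 = user missing, 3 = user has uid 0.
audit_named() {
    user=$(named_run_user "$1")
    if [ -z "$user" ]; then
        echo "FAIL: no -u option, named keeps root"; return 1
    fi
    uid=$(passwd_uid "$user" "$2")
    if [ -z "$uid" ]; then
        echo "FAIL: user '$user' is not in $2"; return 2
    fi
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: user '$user' has uid 0"; return 3
    fi
    echo "OK: named runs as $user (uid $uid)"
}

# Constructed sample input (not copied from a real system).
tmp=$(mktemp -d)
printf '%s\n' '# starts the name server' 'start() {' \
    '    daemon named -u named' '}' > "$tmp/init"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'named:x:25:25:Named:/var/named:/bin/false' > "$tmp/passwd"
audit_named "$tmp/init" "$tmp/passwd"
```

On a real host, pass `/etc/rc.d/init.d/named` and `/etc/passwd` to `audit_named`; return code 2 is the upgrade case mentioned in the quoted message, where the script asks for a user that was never created.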