To answer mjs: Yes...if the program is running as root, and
there is some sort of exploit that can get to a shell, then
you've got that shell as root.

To Thierry:
Whichever FM you were reading must be incorrect, or at least
outdated. BIND has run as "named -u named" ever since I
first installed RH7 on my box.

mjs <[EMAIL PROTECTED]> said:

> hmm,..well, does it matter if the named daemon runs as root,..is this a
> serious problem??
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Thierry ITTY
> Sent: Tuesday, February 20, 2001 9:32 AM
> To: [EMAIL PROTECTED]
> Subject: Re: upgrading BIND 8.2.2
>
>
> just RTFM and you'll see that the -u flag is only available with linux for
> kernels > 2.3.99, so just remove the "-u named" option in the startup
> script and it will work
>
> please note that the ability to switch to another user (ie named) looks
> interesting for security issues, so maybe we'd have both to consider moving
> to a 2.4 kernel ;-)
>
> btw note too that named does NOT load domains which have no default TTL, so
> I added a $TTL line at the beginning of every zone definition file (direct
> and reverse) BUT the hints file. it just complains about an invalid ttl
> value but unlike bind 8 which loaded the zone despite this lack, bind 9
> just doesn't load it (a bit silently i think)
>
> hth,
>
> At 21:12 19/02/2001 -0500, you wrote:
> >
> >Here's the problem....i've upgraded bind 8.2.2 p7 to bind 9.01,..i should
> >let you know im running redhat 6.2 with kernel 2.2.17....anyway,..first of
> >all it seems to copy the binary to /usr/local/sbin/named,..instead of
> >/usr/sbin/named like with 8.2.2,..so i copied the new named binary to the
> >/usr/sbin/named and ran /etc/rc.d/init.d/named start and received the
> >following error:
> >
> >
> >Shutting down named: [FAILED]
> >Starting named: named: -u not supported on Linux kernels older than
> >2.3.99-pre3 when using threads
> >[FAILED]
> >
> >
> >I have no clue why this doesn't start, does this mean i can't run BIND 9.01
> >on Redhat 6.2 using kernel 2.2.17.....has anyone else had this problem??
> >
> >how can i fix this,..so i can start the daemon using "named -u named"
> >
> > An optimist believes we live in the best of all possible worlds. A
> >pessimist is sure of it!
> >
> >
> >---
> >Outgoing mail is certified Virus Free.
> >Checked by AVG anti-virus system (http://www.grisoft.com).
> >Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001
> >
> >
> >
> >_______________________________________________
> >Redhat-list mailing list
> >[EMAIL PROTECTED]
> >https://listman.redhat.com/mailman/listinfo/redhat-list
> >
> >
> - * - * - * - * - * - * -
> My opinions are mine alone (old Net proverb)
>
> Thierry ITTY
> eMail: [EMAIL PROTECTED] FRANCE
--
Mike Burger
CompuCom Information Services
http://www.compucomis.net
(215) 946-5573
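
An added example, not part of the original thread or of BIND: a shell audit for the two issues raised above, a named process left running as root (no working "-u named") and zone files with no $TTL line, which Thierry reports BIND 9 does not load. The function names, the sample process list and the zone files are constructed for illustration, and the check assumes the $TTL line must come before the first record.

```shell
#!/bin/sh
# Added example: audit for the two issues raised in this thread.
# All sample data below is constructed, not taken from a real host.

# Print the command line of each named process whose user is root.
# Reads lines shaped like the output of: ps -e -o user= -o args=
named_as_root() {
    awk '$1 == "root" && ($2 == "named" || $2 ~ /\/named$/) {
             $1 = ""; sub(/^ +/, ""); print
         }'
}

# Return 0 if the zone file has a $TTL directive before its first record.
# Comments (; ...) and blank lines are skipped, other $-directives ignored.
zone_has_default_ttl() {
    awk '{ sub(/;.*/, "") }
         /^[ \t]*$/ { next }
         toupper($1) == "$TTL" { found = 1; exit }
         $1 ~ /^\$/ { next }
         { exit }
         END { exit (found ? 0 : 1) }' "$1"
}

# Constructed process list: one named left as root, one started with -u.
SAMPLE_PS='root     /usr/sbin/named
named    /usr/sbin/named -u named
root     /usr/sbin/sshd'

# Constructed zone files, one with and one without a default TTL.
ZONES=$(mktemp -d)
cat > "$ZONES/good.zone" <<'EOF'
; constructed zone with a default TTL
$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. ( 1 3600 900 604800 86400 )
EOF
cat > "$ZONES/bad.zone" <<'EOF'
; constructed zone, no $TTL line
@ IN SOA ns1.example.com. admin.example.com. ( 1 3600 900 604800 86400 )
EOF

printf '%s\n' "$SAMPLE_PS" | named_as_root | sed 's/^/running as root: /'
for z in "$ZONES"/*.zone; do
    zone_has_default_ttl "$z" || echo "no \$TTL, BIND 9 may not load: $z"
done
```

On a live host, feed named_as_root from `ps -e -o user= -o args=` and leave the hints file out of the zone loop, as the thread notes it takes no $TTL line.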