On Monday 21 January 2008 06:57:38 Adam Tkac wrote: > I'm going to do major revision of bind's file modes. Currenly We have > many files readable only by root and I can't see any reason why keep > binaries unreadable and unexecutable by other users. What other users would be sharing a DNS server? named is traditionally used only on servers. It is a high value target for hackers. If they can get the DNS server, they can alter where all users go when they are surfing the web (think mega-phishing attack). If an intruder gets access to the DNS server, they are going after named. DNS servers are constantly under attack. > Also there isn't any reason why keep configuration private. Only this files > should not be readable by other users: > - /etc/rndc.key - who has it may control server through rndc utility > - /var/log/named.log - will have sensitive information I'd keep all the configuration private. For what reason would you make a high value target less secure? -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
