Re: BIND less restrictive modes and policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday 21 January 2008 06:57:38 Adam Tkac wrote:
> I'm going to do major revision of bind's file modes. Currenly We have
> many files readable only by root and I can't see any reason why keep
> binaries unreadable and unexecutable by other users.

What other users would be sharing a DNS server? named is traditionally used 
only on servers. It is a high value target for hackers. If they can get the 
DNS server, they can alter where all users go when they are surfing the web 
(think mega-phishing attack). If an intruder gets access to the DNS server, 
they are going after named. DNS servers are constantly under attack.

> Also there isn't any reason why keep configuration private. Only this files
> should not be readable by other users:
> - /etc/rndc.key - who has it may control server through rndc utility
> - /var/log/named.log - will have sensitive information

I'd keep all the configuration private. For what reason would you make a high 
value target less secure?

-Steve

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux