On Mon, Jan 21, 2008 at 04:57:21PM +0100, Adam Tkac wrote: > On Mon, Jan 21, 2008 at 09:48:53AM -0600, Chris Adams wrote: > > Once upon a time, Adam Tkac <atkac@xxxxxxxxxx> said: > > > - /var/named will be writable and read-only permissions will be set > > > per-zone by admin > > > > If the directory is writable, read-only file permissions are > > meaningless. > > > > Maybe but what other solution will be better? I could create separate > read-only directory inside /var/named (called "masters" for example) > and put all read-only zones there but I'm not sure if admins will like > it and use it. That's why the root-only /var/named with writable subdirs was very nice. Your points about allowing core-dumps and other things like a non-complex setup are also valid, that's why I think we should stay thinking about this some more before reducing the security of bind. regards, Florian La Roche -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
