[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] BIND running as root

Subject: [cobalt-security] BIND running as root
From: "Simon Wilson" <simon@xxxxxxxxxxxxx>
Date: Fri, 10 Aug 2001 10:55:42 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Dear all

Following Michael J. Cannon advice, reading loads of stuff I don't really
understand.. I think that my server is running BIND as root, which I believe
makes it vulnerable.

[admin /etc]$ ps -ef | grep named
root       376     1  0 Aug09 ?        00:00:00 named
admin    22535 21250  0 10:50 pts/0    00:00:00 grep named

I understand I now have to make a user and group for it to run under and
that the user must have a disabled shell and a home directory of wherever
the DNS directory is. My question is how to I do the this?

I then assign BIND to the new user and group like this?

/usr/sbin/named -u dns_user -g dns_group

I am right?

Regards
Simon

"If only we new what we where getting into we never would have done it"

Prev by Date: Re: [cobalt-security] DANGER WILL ROBINSON!!! A tool for MIM/c*apfilt and poisoning listed on /.
Next by Date: Re: [cobalt-security] DANGER WILL ROBINSON!!! A tool for MIM/c*apfilt and poisoning listed on /.
Previous by thread: [cobalt-security] Fw: Codered2 and winnuke
Next by thread: [cobalt-security] telnet and telnetd Raq3 overflow problem

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index