Re: is it safe to chmod +s named?
On Tue, Oct 28, 2008 at 7:15 PM, Mark Andrews <Mark_Andrews@isc.org> wrote:[color=blue]
> In message <firstname.lastname@example.org>, Jeff Pang writes:[color=green]
>> I need to let apache start/stop named.
>> I set: chmod +s named, so httpd (run with nobody) can stop/start it.
>> Is it safe for this behavior? thanks.[/color]
> In general, no. Named is not designed to be run suid root.
> A ordinary user can do all sorts of damage with named.
> I would suggest that you create a wrapper which then exec's
> named with arguements that you deem safe. This wrapper can
> be suid root.[/color]