Re: is it safe to chmod +s named? - DNS
This is a discussion on Re: is it safe to chmod +s named? - DNS ; On Tue, Oct 28, 2008 at 7:15 PM, Mark Andrews wrote:
>
> In message , Jeff Pang writes:
>> Hello,
>>
>> I need to let apache start/stop named.
>> I set: chmod +s named, so httpd (run with ...
-
Re: is it safe to chmod +s named?
On Tue, Oct 28, 2008 at 7:15 PM, Mark Andrews wrote:
>
> In message <611607.56975.qm@web45312.mail.sp1.yahoo.com>, Jeff Pang writes:
>> Hello,
>>
>> I need to let apache start/stop named.
>> I set: chmod +s named, so httpd (run with nobody) can stop/start it.
>> Is it safe for this behavior? thanks.
>
> In general, no. Named is not designed to be run suid root.
> A ordinary user can do all sorts of damage with named.
>
> I would suggest that you create a wrapper which then exec's
> named with arguements that you deem safe. This wrapper can
> be suid root.
*cough*sudo*cough* ;-)
-Bryan
