From roelof@nl.nisser.com Mon Jan 15 16:25:38 2001
Return-Path:
Received: from nl.nisser.com (c0039.upc-c.chello.nl [212.187.0.39])
	by hub.freebsd.org (Postfix) with ESMTP id 47FCD37B6A4
	for ; Mon, 15 Jan 2001 16:25:37 -0800 (PST)
Received: (from root@localhost)
	by nl.nisser.com (8.11.1/8.11.1) id f0G0PZW71066;
	Tue, 16 Jan 2001 01:25:35 +0100 (CET)
	(envelope-from roelof)
Message-Id: <200101160025.f0G0PZW71066@nl.nisser.com>
Date: Tue, 16 Jan 2001 01:25:35 +0100 (CET)
From: toor@eboa.com
Reply-To: toor@nisser.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: I don't think so!
X-Send-Pr-Version: 3.2

>Number:         24364
>Category:       docs
>Synopsis:       wrong description or rc.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 15 16:30:01 PST 2001
>Closed-Date:    Tue Jan 16 05:30:13 PST 2001
>Last-Modified:  Tue Jan 16 05:32:48 PST 2001
>Originator:     Bourne-again Superuser
>Release:        FreeBSD 4.2-RELEASE i386
>Organization:
eBOA/Nisser
>Environment:
see release
>Description:
http://www.freebsd.org/handbook/securing-freebsd.html:

"FreeBSD now defaults to running ntalkd, comsat, and finger in a sandbox.
Another program which may be a candidate for running in a sandbox is
named(8). The default rc.conf includes the arguments necessary to run
named in a sandbox in a commented-out form. Depending on whether you are
installing a new system or upgrading"

No it doesn't. O'Reilly's does, though.
>How-To-Repeat:
check rc.conf
>Fix:
either amend rc.conf or the docs

Mind you, it could be I'm missing something. But if that's the case,
blame the docs ;).
>Release-Note:
>Audit-Trail:

From: Dima Dorfman
To: toor@nisser.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/24364: I don't think so!
Date: Mon, 15 Jan 2001 20:48:52 -0800

>
> >Number:         24364
> >Category:       docs
> >Synopsis:       wrong description or rc.conf
>
> "FreeBSD now defaults to running ntalkd, comsat, and finger in a sandbox.
> Another program which may be a candidate for running in a sandbox is
> named(8). The default rc.conf includes the arguments necessary to run
> named in a sandbox in a commented-out form. Depending on whether you are
> installing a new system or upgrading"
>
> No it doesn't. O'Reilly's does, though.

It does, but it isn't very clear about it:

#
# named.  It may be possible to run named in a sandbox, man security for
# details.
#
named_enable="NO"		# Run named, the DNS server (or NO).
named_program="named"		# path to named, if you want a different one.
named_flags=""			# Flags for named
#named_flags="-u bind -g bind"	# Flags for named

The last line is an example of how to run it in a sandbox.

Dima Dorfman
dima@unixfreak.org

State-Changed-From-To: open->closed
State-Changed-By: jedgar
State-Changed-When: Tue Jan 16 05:30:13 PST 2001
State-Changed-Why:
Handbook updated to refer to /etc/defaults/rc.conf

http://www.freebsd.org/cgi/query-pr.cgi?pr=24364
>Unformatted:
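
Added example (not part of the problem report and not FreeBSD's own code): a shell check that reads rc.conf-style files in override order and reports whether named would be started with a -u argument, which shows that the commented-out named_flags line in the defaults excerpt above has no effect until it is set. The function names, temporary file names and the two override files are constructed for illustration, and treating any "-u <user>" as sandboxed is an assumption of this example.

```sh
#!/bin/sh
# rc_value VAR FILE...: print the effective value of VAR. Files are read in
# order and the last uncommented assignment wins, as when /etc/rc.conf
# overrides /etc/defaults/rc.conf. Simplification: '#' inside a value is
# treated as the start of a comment.
rc_value() {
    var=$1; shift
    val=
    for f in "$@"; do
        line=$(grep -E "^[[:space:]]*${var}=" "$f" 2>/dev/null | tail -n 1)
        [ -n "$line" ] || continue
        val=${line#*=}      # text after the first '='
        val=${val%%#*}      # drop a trailing comment
        val=$(printf '%s\n' "$val" |
            sed -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//')
    done
    printf '%s\n' "$val"
}

# named_sandbox_status FILE...: print disabled, sandboxed or unsandboxed.
# Assumption of this example: any "-u <user>" in named_flags counts as sandboxed.
named_sandbox_status() {
    case $(rc_value named_enable "$@") in
        [Yy][Ee][Ss]) ;;
        *) echo disabled; return 0 ;;
    esac
    case " $(rc_value named_flags "$@") " in
        *" -u "?*) echo sandboxed ;;
        *) echo unsandboxed ;;
    esac
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the defaults excerpt quoted in the reply above.
cat > "$tmp/defaults" <<'EOF'
named_enable="NO"		# Run named, the DNS server (or NO).
named_program="named"		# path to named, if you want a different one.
named_flags=""			# Flags for named
#named_flags="-u bind -g bind"	# Flags for named
EOF
# Constructed local overrides: one only enables named, one also sets the flags.
printf 'named_enable="YES"\n' > "$tmp/local_plain"
printf 'named_enable="YES"\nnamed_flags="-u bind -g bind"\n' > "$tmp/local_sandbox"

echo "defaults only:     $(named_sandbox_status "$tmp/defaults")"
echo "enabled, no flags: $(named_sandbox_status "$tmp/defaults" "$tmp/local_plain")"
echo "enabled, -u/-g:    $(named_sandbox_status "$tmp/defaults" "$tmp/local_sandbox")"
```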