BIND running setuid with interface changes
Skip Ford
skip.ford at verizon.net
Wed Dec 27 14:00:26 PST 2006
Eugene M. Kim wrote:
[snip]
> Then, when a new address comes up (such as on a dynamically created L2TP
> tun(4) interface), BIND tries to listen on it, but fails because it is
> running setuid as bind:
>
> Dec 27 02:32:00 home named[1121]: listening on IPv4 interface tun0, 10.0.2.129#53
> Dec 27 02:32:00 home named[1121]: could not listen on UDP socket: permission denied
>
> The only workarounds that I can think of are either to run BIND as setuid
> root, or to restart (not reload) BIND every time a new VPN connection
> comes up, both of which I am not comfortable with.
>
> Any better ideas?
mac_portacl(4)
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-portacl.html
--
Skip
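
Added example, not part of Skip Ford's reply or of the FreeBSD documentation: a sh helper that builds the mac_portacl(4) settings for the situation in the question. It assumes named runs as uid 53 (verify with `id -u bind`); the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Assumption: named runs as uid 53 (check with `id -u bind`).
# The module must be loaded first: mac_portacl_load="YES" in /boot/loader.conf.

# portacl_rules IDTYPE ID PORT PROTO...
# Prints comma-separated idtype:id:protocol:port entries, one per protocol.
portacl_rules() {
    [ $# -ge 4 ] || { echo "usage: portacl_rules uid|gid ID PORT tcp|udp..." >&2; return 1; }
    idtype=$1 id=$2 port=$3
    shift 3
    case $idtype in uid|gid) ;; *) echo "idtype must be uid or gid" >&2; return 1 ;; esac
    case $id in ''|*[!0-9]*) echo "id must be numeric" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    rules=
    for proto in "$@"; do
        case $proto in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; return 1 ;; esac
        rules="${rules:+$rules,}$idtype:$id:$proto:$port"
    done
    printf '%s\n' "$rules"
}

# portacl_sysctl_conf IDTYPE ID PORT PROTO...
# Prints the lines to add to /etc/sysctl.conf.
portacl_sysctl_conf() {
    rules=$(portacl_rules "$@") || return 1
    cat <<EOF
# Disable the built-in "ports below 1024 need root" check so that
# mac_portacl is the only policy for low ports. If the module is not
# loaded, these two lines alone leave low ports open to every user.
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
# mac_portacl guards ports up to port_high; root stays exempt.
security.mac.portacl.enabled=1
security.mac.portacl.port_high=1023
security.mac.portacl.suser_exempt=1
security.mac.portacl.rules=$rules
EOF
}

# Settings for named running as uid 53 on port 53, both protocols.
portacl_sysctl_conf uid 53 53 tcp udp
```

With these settings in place the bind user is allowed to bind port 53 itself, so named does not need root to listen on an address that appears after startup.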