From owner-FreeBSD-users-jp@jp.freebsd.org  Fri Dec  1 10:38:13 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id KAA38104;
	Fri, 1 Dec 2000 10:38:13 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from ukulele.tokyo-club.com (ukulele.tokyo-club.com [210.249.81.228])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id KAA38096
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 1 Dec 2000 10:38:12 +0900 (JST)
	(envelope-from ml@tokyo-club.com)
Received: (qmail 2903 invoked from network); 1 Dec 2000 10:38:11 +0900
Received: from unknown (HELO mandolin) (210.249.81.226)
  by ukulele.tokyo-club.com with SMTP; 1 Dec 2000 10:38:11 +0900
Date: Fri, 01 Dec 2000 10:34:14 +0900
From: Takeshi Nishioka <ml@tokyo-club.com>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <JR20001201100001.161087231@tec.osaka.jip.co.jp>
References: <20001201091441.B372.ML@tokyo-club.com> <JR20001201100001.161087231@tec.osaka.jip.co.jp>
Message-Id: <20001201101756.FD5A.ML@tokyo-club.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 57160
Subject: [FreeBSD-users-jp 57160] Re: sandbox
 =?ISO-2022-JP?B?GyRCJE4wVUwjJEskRCQkJEYbKEI=?= 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ml@tokyo-club.com

> > # named.  It may be possible to run named in a sandbox, man security 
> > # for details.
> 
> $B$3$N>l9g$K3:Ev$9$k$N$+ITL@$G$9$,!$(B
> $B!V%F%9%HMQ$K3VN%$5$l$?4D6-!W$r;X$9(B
> $B8@MU$H$7$F;H$o$l$F$k$N$rL\7b$7$?$3$H$,$"$j$^$9!%(B

/etc/namedb/named.conf $B$K$O!"2<5-$N5-:\$,$"$j$^$9!#(B

// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to bind.  The following sequence is suggested:
//
//      mkdir /etc/namedb/s
//      chown bind.bind /etc/namedb/s
//      chmod 750 /etc/namedb/s

$B$^$@!"$-$C$A$j$H$OM}2r$G$-$J$$$G$$$k$N$G$9$,!"!V3VN%$5$l$?4D6-!W$HM}2r$7(B
$B$F$bNI$5$=$&$J5$$,$7$F$$$^$9!#4V0c$C$F$$$?$i!"C/$+$4;XE&$/$@$5$$!#(B

$B$^$?!"(B/etc/defaults/rc.conf $B$K!"%3%a%s%H%"%&%H$5$l$?7A$G!"(B

#named_flags="-u bind -g bind"

$B$H$$$&5-:\$,$"$k$N$G$9$,!"$3$N5-:\$H!">e5-$N5-:\$r4^$a$FM}2r$9$k$H!"(B
named$B$O!"(Broot$B8"8B$G<B9T$9$k$N$O8m$j$G!"%f!<%6!<(Bbind$B!"%0%k!<%W(Bbind$B$G<B9T(B
$B$5$;$k$Y$-$J$N$G$7$g$&$+!)(B

$B%_%N%k$*7;$5$s!#!X$8$c$!$4$s$U$!$$$k!Y$rFI$s$G$_$?$N$G$9$,!";DG0$J$,$i!"(B
sandbox$B$O!"(BR&D$BItLg$N?M4V$O!"CN$C$F$*$/$Y$-Ev$?$jA0$NC18l$H$7$+M}2r$G$-$^(B
$B$;$s$G$7$?!&!&!&!#6qBNE*$J0UL#$O!"=q$$$F$$$J$$$h$&$J5$$,$9$k$N$G$9$,!#(B
