bind8, libpcap, tcpdump

Dagmar d'Surreal dagmar at speakeasy.net
Fri Nov 22 03:04:46 PST 2002


On Tue, 2002-11-19 at 15:35, Steve Wolfe wrote:
> > It's worth noting that to anyone who follows the principle of least
> > privilege to the letter when designing subsystems,
> 
>  (snip)
> 
> > ...at the top of the named.conf, add an ACL (access control list) like:
> 
> (snip)
> 
> > ...and in the options section of the named.conf, we add:
> 
> (snip)
> 
> > At the top of our named.conf, we'd be adding a new ACL like this...
> 
> (snip)
> 
> > ...we'd be using an ACL to globally disable zone transfers, and then
> > we'd have a zone entry that looked a bit like this...
> 
>     Geez.  Imagine a car dealer telling you "No, it won't blow up on you,
> as long as you take these five basic steps to customize the engine...."

Your analogy is woefully incorrect.  From where I sit, it's more like
telling people their car will last longer if they avoid driving it into
solid objects or bodies of water.  Just because someone _can_ toss
together a five line named.conf does not mean that's the intelligent
thing to do.
