upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-21 14:17:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

The bind9 FAQ, with a whopping one question.

Browse source
This commit is contained in:
Brian Wellington 2000-11-08 02:09:29 +00:00
parent add4043305
commit ae97c3e72b
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
FAQ Normal file
View file

@ -0,0 +1,18 @@
Q: Why doesn't -u work on Linux 2.2.x?
A: Linux threads do not fully implement the Posix threads (pthreads) standard.
In particular, setuid() operates only on the current thread, not the full
process. Because of this limitation, BIND 9 cannot use setuid() on Linux as it
can on all other supported platforms. setuid() cannot be called before
creating threads, since the server does not start listening on reserved ports
until after threads have started.
In the 2.3.99-pre3 and newer kernels, the ability to preserve capabilities
across a setuid() call is present. This allows BIND 9 to call setuid() early,
while retaining the ability to bind reserved ports. This is a Linux-specific
hack.
On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
of a security risk than a root process that has not dropped privileges.
If Linux threads ever work correctly, this restriction will go away.