From roelof@nl.nisser.com  Mon Jan 15 16:25:38 2001
Return-Path: <roelof@nl.nisser.com>
Received: from nl.nisser.com (c0039.upc-c.chello.nl [212.187.0.39])
	by hub.freebsd.org (Postfix) with ESMTP id 47FCD37B6A4
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Jan 2001 16:25:37 -0800 (PST)
Received: (from root@localhost)
	by nl.nisser.com (8.11.1/8.11.1) id f0G0PZW71066;
	Tue, 16 Jan 2001 01:25:35 +0100 (CET)
	(envelope-from roelof)
Message-Id: <200101160025.f0G0PZW71066@nl.nisser.com>
Date: Tue, 16 Jan 2001 01:25:35 +0100 (CET)
From: toor@eboa.com
Reply-To: toor@nisser.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: I don't think so!
X-Send-Pr-Version: 3.2

>Number:         24364
>Category:       docs
>Synopsis:       wrong description or rc.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 15 16:30:01 PST 2001
>Closed-Date:    Tue Jan 16 05:30:13 PST 2001
>Last-Modified:  Tue Jan 16 05:32:48 PST 2001
>Originator:     Bourne-again Superuser
>Release:        FreeBSD 4.2-RELEASE i386
>Organization:
eBOA/Nisser
>Environment:

see release

>Description:

http://www.freebsd.org/handbook/securing-freebsd.html:

"FreeBSD now defaults to running ntalkd, comsat, and finger in a sandbox. Another program which may be a
candidate for running in a sandbox is named(8). The default rc.conf includes the arguments necessary to run
named in a sandbox in a commented-out form. Depending on whether you are installing a new system or upgrading"

No it doesn't. O'Reilly's does, though.

>How-To-Repeat:

check rc.conf

>Fix:

either amend rc.conf or the docs

Mind you, it could be I'm missing something. But if that's the case, blame
the docs ;).


>Release-Note:
>Audit-Trail:

From: Dima Dorfman <dima@unixfreak.org>
To: toor@nisser.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/24364: I don't think so! 
Date: Mon, 15 Jan 2001 20:48:52 -0800

 > 
 > >Number:         24364
 > >Category:       docs
 > >Synopsis:       wrong description or rc.conf
 > 
 > "FreeBSD now defaults to running ntalkd, comsat, and finger in a sandbox. Another program which may be a
 > candidate for running in a sandbox is named(8). The default rc.conf includes the arguments necessary to run
 > named in a sandbox in a commented-out form. Depending on whether you are installing a new system or upgrading"
 > 
 > No it doesn't. O'Reilly's does, though.
 
 It does, but it isn't very clear about it:
 
 <quote rc.conf>
 #
 # named.  It may be possible to run named in a sandbox, man security for
 # details.
 #
 named_enable="NO"               # Run named, the DNS server (or NO).
 named_program="named"           # path to named, if you want a different one.
 named_flags=""                  # Flags for named
 #named_flags="-u bind -g bind"  # Flags for named
 <unquote>
 
 The last line is an example of how to run it in a sandbox.
 
 					Dima Dorfman
 					dima@unixfreak.org
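
A read-only check for the setting discussed in this PR, as an added example that is not part of the thread or of FreeBSD's own scripts: it reports whether named would be started with the `-u`/`-g` flags once the defaults file and any override file are combined. The function names, the rule that both flags with a non-root user count as "sandboxed", and the override file in the demo are assumptions.

```shell
#!/bin/sh
# Added example: does named start with the -u USER -g GROUP sandbox flags?

# rc_value VAR FILE...: print the last uncommented assignment of VAR across
# FILEs. Later files win, as /etc/rc.conf overrides /etc/defaults/rc.conf.
# The files are parsed as text, never sourced, so nothing in them executes.
rc_value() {
    var=$1; shift
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | sed -n \
        -e "s/^[[:space:]]*${var}=\"\\([^\"]*\\)\".*/\\1/p" \
        -e "s/^[[:space:]]*${var}=\\([^\"[:space:]#]*\\).*/\\1/p" | tail -n 1
}

# named_sandbox_status FILE...: print disabled, sandboxed or unsandboxed.
# Policy assumed here: "sandboxed" needs both -u and -g with a non-root user.
named_sandbox_status() {
    case $(rc_value named_enable "$@") in
        [Yy][Ee][Ss]) ;;
        *) echo disabled; return 0 ;;
    esac
    user=""; group=""; prev=""
    for w in $(rc_value named_flags "$@"); do
        case $prev in
            -u) user=$w ;;
            -g) group=$w ;;
        esac
        prev=$w
    done
    if [ -n "$user" ] && [ -n "$group" ] &&
       [ "$user" != root ] && [ "$user" != 0 ]; then
        echo sandboxed
    else
        echo unsandboxed
    fi
}

# Demo: defaults lines as quoted in the reply above, plus a constructed override.
demo=$(mktemp -d)
cat > "$demo/defaults" <<'EOF'
named_enable="NO"               # Run named, the DNS server (or NO).
named_flags=""                  # Flags for named
#named_flags="-u bind -g bind"  # Flags for named
EOF
printf 'named_enable="YES"\n' > "$demo/rc.conf"       # constructed override
named_sandbox_status "$demo/defaults"                 # prints: disabled
named_sandbox_status "$demo/defaults" "$demo/rc.conf" # prints: unsandboxed
rm -rf "$demo"
```

On a real system the arguments would be `/etc/defaults/rc.conf /etc/rc.conf`; the second demo call shows that enabling named without also uncommenting the flags line leaves it running without the sandbox flags.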
 
State-Changed-From-To: open->closed 
State-Changed-By: jedgar 
State-Changed-When: Tue Jan 16 05:30:13 PST 2001 
State-Changed-Why:  
Handbook updated to refer to /etc/defaults/rc.conf 

http://www.freebsd.org/cgi/query-pr.cgi?pr=24364 
>Unformatted:
