Commit ae97c3e7 authored by Brian Wellington's avatar Brian Wellington
Browse files

The bind9 FAQ, with a whopping one question.

parent add40433
Q: Why doesn't -u work on Linux 2.2.x?
A: Linux threads do not fully implement the Posix threads (pthreads) standard.
In particular, setuid() operates only on the current thread, not the full
process. Because of this limitation, BIND 9 cannot use setuid() on Linux as it
can on all other supported platforms. setuid() cannot be called before
creating threads, since the server does not start listening on reserved ports
until after threads have started.
In the 2.3.99-pre3 and newer kernels, the ability to preserve capabilities
across a setuid() call is present. This allows BIND 9 to call setuid() early,
while retaining the ability to bind reserved ports. This is a Linux-specific
hack.
On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
of a security risk than a root process that has not dropped privileges.
If Linux threads ever work correctly, this restriction will go away.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment