Subject: Re: BIND
To: NetBSD Networking Technical Discussion List <tech-net@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 11/14/2002 22:04:17

>>>>> "Patrick" == Patrick Welche <prlw1@newn.cam.ac.uk> writes:
Patrick> The other thing being that /etc/rc.d/named makes it trivially easy to run
Patrick> named in a chroot cage as named:named, which colours the risk "It is then
Patrick> possible to execute code with the privileges of named".

I agree that this should be done by default.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [