I received an email comment from Loganaden Velvindron, who authored the patch adding seccomp support to BIND (see RT #35347):

> Thanks for reaching out. Could we look into a solution where seccomp
> is still kept but as an experimental feature?
>
> If seccomp is too complex (and I understand the concerns there), how
> about implementing a privilege separation model, and using seccomp
> only for untrusted domains, while avoiding applying it to code paths
> which are less likely to have security issues. FYI, OpenBSD had for a
> long time been running a privilege separated ISC-BIND in their tree. I
> didn't have time to dig into it, but I think that maybe it's time to
> review it, and discuss with the ISC team?