Rendering BIND 8.2.3 ultra secure
Kevin Darcy
kcd at daimlerchrysler.com
Thu Feb 1 01:46:06 UTC 2001
Not to nitpick, but compiling named and named-xfer statically doesn't really
buy you anything in terms of security, assuming that the shared libraries in
the chroot jail aren't writable by unprivileged users. The main purpose of
static linking in this context is to make the construction of the chroot
jail slightly easier, at the cost of bloating named and named-xfer
substantially. Personally, when I set up chroot jails, I don't bother with
static linking; I just make sure the correct shared libraries are securely
installed in the chroot jail.
- Kevin
Patrick Gilbert wrote:
> Hi,
>
> Just thought i'd put something up on how to install bind 8.2.3 as an
> underpriveledged user in a chroot jail with static named and named-xfer
> binairies. This particular example is for Solaris sparc 2.6.
>
> This way of installing bind should calm the worried IT manager, scared by
> the newest doom and gloom bind bugs.
>
> http://www.pgci.ca/p_bind.html
>
> Comments are welcome as always,
>
> Cheers,
>
> --
> Patrick Gilbert +1 (514) 396-4747
> CEO, PGCI http://www.pgci.ca
> Montreal (QC), Canada CE AB B2 18 E0 FE C4 33 0D 9A AC 18 30 1F D9 1A
More information about the bind-users
mailing list