chrooting bind
Simon Waters
Simon at wretched.demon.co.uk
Wed Aug 15 23:51:35 UTC 2001
Kevin Darcy wrote:
...SNIP.. succinct explanation of why using an external chroot
buys you virtually nothing in terms of security over the "-t"
option.
> So I don't think "externally" chroot'ing
> buys any security, and I'd be far more worried about the vulnerabilities
> introduced by having named rely on libraries and device nodes in the chroot jail.
We could always avoid these extra vulnerabilities in altering
library files, etc., by doing a second "chroot" with "-t", but if
the supposed vulnerability did exist before the "chroot" we'd be
back where we started with a completely compromised box whether
we did this or not *8-)