Should bind 9 be installed in chrooted environment?
Michael Kjorling
michael at kjorling.com
Sat Dec 22 19:29:24 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
And also allows the libraries and all other binaries to be put outside
the chroot jail, so if someone compromises BIND they can't just place
a trojaned named executable there and know it'll get executed.
Michael Kjörling
On Dec 22 2001 19:16 -0000, Simon Waters wrote:
> > But the security issue comes. Is bind 9 more secure in chrooted
>
> Yes. How the "-t" chroot compares with the traditional approach
> to chrooting, I've not seen discussed. The "-t" approach
> presumably allows room for the software developers to accidently
> compromise the chroot jail in the code, unlike the traditional
> approach.
- --
Michael Kjörling -- Programmer/Network administrator ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4 \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e
"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
iD8DBQE8JN8XKqN7/Ypw4z4RAn/DAJ9xmOweTv3OqEzHn1+s6DcWswbuLACfXu8d
9eRuSpcdUkWTBGvsMvYT23M=
=HvjZ
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list