RHL71, Webmin 0.88 and BIND 9

[Brad Knowles]

At 8:19 AM -0700 10/3/01, Phlip Wards wrote:

>  Another question about views: If someone were to break bind9 and gain
>  access to the file system, would it be safer if the attacker only had
>  access to the files that hold the external records? Since the files
>  that hold the internal records are on another file system that the
>  attacker should not have access to, wouldn't it be harder to determine
>  that make up of the internal network?

	Take a look at the history of known computer security attacks. 
Something like 99% of all known attacks involve taking a machine 
where you have some limited level of access and doing something to 
increase your level of access, so that you can then completely take 
over the machine.

	Yes, you want to chroot your copy of BIND, and you want to have 
it run as a non-privileged user.  But consider that once they're on 
the machine (even as a chrooted unprivileged user), it's only a 
matter of time before they own the whole thing -- in most cases, 
probably a matter of just a few seconds.

-- 
Brad Knowles, <brad.knowles at skynet.be>

H4sICIFgXzsCA2RtYS1zaWcAPVHLbsMwDDvXX0H0kkvbfxiwVw8FCmzAzqqj1F4dy7CdBfn7
Kc6wmyGRFEnvvxiWQoCvqI7RSWTcfGXQNqCUAnfIU+AT8OZ/GCNjRVlH0bKpguJkxiITZqes
MxwpSucyDJzXxQEUe/ihgXqJXUXwD9ajB6NHonLmNrUSK9nacHQnH097szO74xFXqtlbT3il
wMsBz5cnfCR5cEmci0Rj9u/jqBbPeES1I4PeFBXPUIT1XDSOuutFXylzrQvGyboWstCoQZyP
dxX4dLx0eauFe1x9puhoi0Ao1omEJo+BZ6XLVNaVpWiKekxN0VK2VMpmAy+Bk7ZV4SO+p1L/
uErNRS/qH2iFU+iNOtbcmVt9N16lfF7tLv9FXNj8AiyNcOi1AQAA