'succesful' nsupdate of remote server not persistent across nameserver restart?
Matthew Pounsett
matt at conundrum.com
Wed Apr 27 13:30:21 UTC 2016
On 27 April 2016 at 03:07, Tony Finch <dot at dotat.at> wrote:
> Matthew Pounsett <matt at conundrum.com> wrote:
> >
> > Privsep doesn't actually fix the same problem chroot does. As I
> > understand it, privsep reduces the attack surface for remote execution
> > exploits by shuffling off privileged operations to a separate process,
> but
> > if that process isn't chrooted and it has a remote code execution flaw
> then
> > your entire system is opened up to attack.
>
> Actually it is normal for privsep processes to chroot themselves, usually
> to /var/empty - e.g.
>
Right, so "no chroot necessary" (which is what I was responding to) isn't
accurate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160427/0ff1c91b/attachment.html>
More information about the bind-users
mailing list