chroot jail question..
Kevin Darcy
kcd at daimlerchrysler.com
Tue Aug 16 21:30:59 UTC 2005
blrmaani wrote:
>I was under the impression that UNIX processes started
>as a root process can access ports up to 10XX.
>
Superuser processes can access all ports.
>When I ran BIND
>in chroot jail
>
Chroot has no bearing on this.
>( user=named, group=named), the named process can
>still access default port=53 and default control port=953.
>
53 = DNS (Internet protocol)
953 = rndc (proprietary BIND protocol)
>How does this work?
>
It bound to those ports before it dropped its superuser privileges. Note
that it cannot bind to any *new* address/port combinations, which could
be a problem if you have interfaces appearing dynamically.
- Kevin
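
The bind-then-drop sequence described in the reply above, as an added example that is not part of the original post and is not BIND's code. The uid/gid 65534 and the scanned port ranges (1000 and 900 upward) are assumptions chosen for illustration; run it as root to see the new bind refused.

```c
#define _GNU_SOURCE              /* for setgroups() */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { CANNOT_DEMO, REBIND_DENIED, REBIND_ALLOWED, FAILED };
struct demo { int status; int kept_port; int regained_root; };

/* Bind a UDP socket to the first free port in [from, 1023]; -1 with errno set on failure. */
static int bind_low(int from, int *port) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    for (*port = from; fd >= 0 && *port < 1024; ++*port) {
        struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(*port) };
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) return fd;
        if (errno != EADDRINUSE) break;          /* EACCES etc.: stop scanning */
    }
    int e = errno;
    if (fd >= 0) close(fd);
    errno = e;
    return -1;
}

/* Assumed unprivileged account: uid/gid 65534 ("nobody"); a daemon would use its own, e.g. named. */
struct demo run_demo(void) {
    struct demo r = { CANNOT_DEMO, 0, 0 };
    int p1, p2, fd1, fd2;                        /* 1. bind while still privileged */
    if (geteuid() != 0 || (fd1 = bind_low(1000, &p1)) < 0) return r;
    /* 2. drop: supplementary groups, then gid, then uid (uid last, or the others would fail) */
    if (setgroups(0, NULL) || setgid(65534) || setuid(65534)) { close(fd1); return r; }
    r.regained_root = (setuid(0) == 0);          /* must fail after a full drop */
    /* 3. the descriptor bound earlier is still attached to its low port */
    struct sockaddr_in sa; socklen_t len = sizeof sa;
    r.kept_port = getsockname(fd1, (struct sockaddr *)&sa, &len) == 0 && ntohs(sa.sin_port) == p1;
    /* 4. a *new* low-port bind needs a privilege the process no longer has */
    fd2 = bind_low(900, &p2);
    if (fd2 >= 0) { r.status = REBIND_ALLOWED; close(fd2); } /* e.g. Linux ip_unprivileged_port_start lowered */
    else r.status = (errno == EACCES) ? REBIND_DENIED : FAILED;
    close(fd1);
    return r;
}

int main(void) {
    struct demo r = run_demo();
    printf("status=%d kept_port=%d regained_root=%d\n", r.status, r.kept_port, r.regained_root);
    return r.status == FAILED;
}
```

A status of `REBIND_ALLOWED` means the host lets unprivileged processes bind low ports (on Linux, the `net.ipv4.ip_unprivileged_port_start` sysctl), so the port number alone is not acting as a privilege boundary there.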
More information about the bind-users
mailing list