From owner-freebsd-security Mon Aug 20 16:25:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id EF47837B409 for ; Mon, 20 Aug 2001 16:25:12 -0700 (PDT) (envelope-from cdf.lists@fxp.org) Received: by peitho.fxp.org (Postfix, from userid 1501) id 422661361D; Mon, 20 Aug 2001 19:25:12 -0400 (EDT) Date: Mon, 20 Aug 2001 19:25:12 -0400 From: Chris Faulhaber To: Koji Cc: David Kirchner , freebsd-security@freebsd.org Subject: Re: chroot named Message-ID: <20010820192512.A11150@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , Koji , David Kirchner , freebsd-security@freebsd.org References: <00a401c129ce$4c63df60$0164a8c0@daemon> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb" Content-Disposition: inline In-Reply-To: <00a401c129ce$4c63df60$0164a8c0@daemon> User-Agent: Mutt/1.3.20i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 21, 2001 at 01:17:32AM +0200, Koji wrote: >=20 > # ldd /usr/libexec/named-xfer > /usr/libexec/named-xfer: > libc.so.4 =3D> /usr/lib/libc.so.4 (0x2809c000) >=20 > # ldd /usr/sbin/named > /usr/sbin/named: > libc.so.4 =3D> /usr/lib/libc.so.4 (0x280dd000) >=20 > my chroot environment don't have any library and works correctly. Why ? >=20 > # ls /etc/namedb/chroot > dev etc usr var >=20 Because you aren't doing zone transfers? When you start bind, it executes in the real system then chroots itself, never needing the chrooted bin/libs. If you do zone transfers you will need the appropriate bin (named-xfer) and associated libs in the chrooted dirs. You can also create a statically-linked named-xfer and forget the libs altogether. See http://www.fxp.org/jedgar/misc/bind.txt for step-by-step instructions. --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjuBnFcACgkQObaG4P6BelCIaQCeMHychyKZIh6mjgsFBJHvtQm7 ncEAn374GQ9QYb3OXtvZGWRhpc6cg7j6 =UxYF -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message