From owner-freebsd-security  Mon Aug 20 16:25:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40])
	by hub.freebsd.org (Postfix) with ESMTP id EF47837B409
	for <freebsd-security@freebsd.org>; Mon, 20 Aug 2001 16:25:12 -0700 (PDT)
	(envelope-from cdf.lists@fxp.org)
Received: by peitho.fxp.org (Postfix, from userid 1501)
	id 422661361D; Mon, 20 Aug 2001 19:25:12 -0400 (EDT)
Date: Mon, 20 Aug 2001 19:25:12 -0400
From: Chris Faulhaber <jedgar@fxp.org>
To: Koji <koji@ciberteca.com>
Cc: David Kirchner <davidk@accretivetg.com>,
	freebsd-security@freebsd.org
Subject: Re: chroot named
Message-ID: <20010820192512.A11150@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber <jedgar@fxp.org>,
	Koji <koji@ciberteca.com>, David Kirchner <davidk@accretivetg.com>,
	freebsd-security@freebsd.org
References: <00a401c129ce$4c63df60$0164a8c0@daemon>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb"
Content-Disposition: inline
In-Reply-To: <00a401c129ce$4c63df60$0164a8c0@daemon>
User-Agent: Mutt/1.3.20i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 21, 2001 at 01:17:32AM +0200, Koji wrote:
>=20
> # ldd /usr/libexec/named-xfer
> /usr/libexec/named-xfer:
>         libc.so.4 =3D> /usr/lib/libc.so.4 (0x2809c000)
>=20
> # ldd /usr/sbin/named
> /usr/sbin/named:
>         libc.so.4 =3D> /usr/lib/libc.so.4 (0x280dd000)
>=20
> my chroot environment don't have any library and works correctly. Why ?
>=20
> # ls /etc/namedb/chroot
> dev     etc     usr     var
>=20

Because you aren't doing zone transfers?  When you start bind,
it executes in the real system then chroots itself, never needing
the chrooted bin/libs.  If you do zone transfers you will need
the appropriate bin (named-xfer) and associated libs in the chrooted
dirs.

You can also create a statically-linked named-xfer and forget the
libs altogether.  See http://www.fxp.org/jedgar/misc/bind.txt for
step-by-step instructions.

--=20
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

--VS++wcV0S1rZb1Fb
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iEYEARECAAYFAjuBnFcACgkQObaG4P6BelCIaQCeMHychyKZIh6mjgsFBJHvtQm7
ncEAn374GQ9QYb3OXtvZGWRhpc6cg7j6
=UxYF
-----END PGP SIGNATURE-----

--VS++wcV0S1rZb1Fb--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message