From owner-freebsd-questions  Thu Jan 23 15:44:36 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1E53637B401
	for <freebsd-questions@freebsd.org>; Thu, 23 Jan 2003 15:44:35 -0800 (PST)
Received: from mail5.atl.registeredsite.com (mail5.atl.registeredsite.com [64.224.219.79])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CEA9943E4A
	for <freebsd-questions@freebsd.org>; Thu, 23 Jan 2003 15:44:28 -0800 (PST)
	(envelope-from admin@asarian-host.net)
Received: from asarian-host.net (asarian-host.net [216.122.74.112])
	by mail5.atl.registeredsite.com (8.12.2/8.12.6) with ESMTP id h0NNiRbh000825
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT)
	for <freebsd-questions@freebsd.org>; Thu, 23 Jan 2003 18:44:27 -0500
Comments: To protect the identity of the sender, certain header
	fields are either not shown, or masked. Anonymous email
	addresses for asarians can be requested by filling in the
	appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi
Received: (from root@localhost)
	by asarian-host.net (8.11.6/8.11.0) id h0NNiRT67029
	for freebsd-questions@freebsd.org; Fri, 24 Jan 2003 00:44:27 +0100 (CET)
	(envelope-from admin@asarian-host.net)
Posted-Date: Fri, 24 Jan 2003 00:44:27 +0100 (CET)
From: Mark <admin@asarian-host.net>
Message-Id: <200301232344.H0NNIPL67016@asarian-host.net>
Date: Fri, 24 Jan 2003 00:44:05 +0100
X-Authenticated-Sender: admin@asarian-host.net
Subject: Is chroot bind safe?
X-Trace: 3PJdMite5KDPpZjYaXKGbh4ZdCzAT1MabW40WkyTjJDvxf3sZI4A5zvnP2xtLqWP
X-Complaints-To: abuse@asarian-host.net
X-Abuse-Info: Please be sure to forward a copy of ALL headers
X-Abuse-Info: Otherwise we are unable to process your complaint
Organization: Asarian-host
To: <freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Auth: Asarian-host PGP signature
	iQEVAwUAPjB+WjFqW1BleBN9AQFSdwf/egRWS5U1mVTfmC43NUaLCx1m9Mm1x+WL
	F31km1TvguLn7kEFQNGgwExLD2oFbjLN9zRoFZpX+IbU1tJ/jlnfRio6Brul7iuE
	S330HYQXZsanwMCD79MR2OfRg+Howp0jqKIx0OZltns1GEyBpHkf0Hy1XAT5tyxr
	xqIam4U/zPPEgb/OEJwua3hEtNnOaPm3O4Ck9jJaetu1fOTafhWp9eqEbJzx6mel
	7+D0x+IUVWb/cJwczXmkTCEdrwecrKGZW2cw2Hcue552sWmJH7r6dZc43rMjgeqw
	qiZspTogkPXSlZH04ONtTQ77MsAVwLXRQlXaUlqcIQvZs5nPStQXNw==
	=Bne6
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi,

I just chrooted BIND 8.3.3 as follows:

/usr/sbin/chroot /etc/namedb/ /usr/sbin/named -u bind -g bind

I copied a few dirs, made some devices, etc, and everything seems to run
wonderfully. :) Then I found the -t switch (doh!).

Not wanting to change everything again, is chrooting "named" directly just
as safe?

Thanks!

- Mark


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message