From owner-freebsd-security Tue Aug 21 9: 4:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from webs1.accretive-networks.net (webs1.accretive-networks.net [207.246.154.13]) by hub.freebsd.org (Postfix) with ESMTP id 89F3737B418 for ; Tue, 21 Aug 2001 09:03:56 -0700 (PDT) (envelope-from davidk@accretivetg.com) Received: from localhost (davidk@localhost) by webs1.accretive-networks.net (8.11.1/8.11.3) with ESMTP id f7LEwl765296; Tue, 21 Aug 2001 07:58:47 -0700 (PDT) Date: Tue, 21 Aug 2001 07:58:47 -0700 (PDT) From: David Kirchner X-X-Sender: To: "Karsten W. Rohrbach" Cc: Koji , Subject: Re: chroot named In-Reply-To: <20010821175802.T45276@mail.webmonster.de> Message-ID: <20010821075533.M38221-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 21 Aug 2001, Karsten W. Rohrbach wrote: > compiling with LDFLAGS set to include the "-static" option would surely > help for chrooting the process... Yeah, that's a good step to take as well, although it takes more disk space. Hardlinks work into chroot'd directories (as long as the usual requirements for hardlinks are met), so you can just do: cd /usr/chroot-named mkdir -p usr/lib usr/sbin usr/libexec ln /usr/lib/libc.so.3 usr/lib # (or 4) ln /usr/sbin/named usr/sbin ln /usr/libexec/named-xfer usr/libexec > upgrading would surely help, too > > /k Do later versions of bind come with static binaries automatically? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message