From owner-freebsd-questions@FreeBSD.ORG Sat Jun 12 11:59:38 2004
Message-ID: <40CAEEC5.5070108@lineone.net>
Date: Sat, 12 Jun 2004 12:53:41 +0100
From: Robert Downes
To: FreeBSD Questions
Subject: chroot versus jail for the name daemon

Newbie Fodder (skip down the page if old and wise):

The FreeBSD Handbook describes running BIND (named) in a sandbox, i.e. using chroot to force the named to think that its place in the filesystem is actually the filesystem root when it's not, so it sees /somewhere/deep/inthe/file/jungle as /. So if hackers break named they theoretically cannot attack the real root of the filesystem, only what is within the chroot path.

Then the Handbook rather offhandedly mentions that some people would recommend putting named into a jail instead. So I've been looking into the jail system in FreeBSD, and comments suggest that it offers better security.
On the surface, jail seems to do the same thing: deceive a process into believing that its place in the filesystem is root, and stop access to directories outside that path.

Questions (for the old and wise):

So, are there any FreeBSD-internals masters who can answer the following:

1) What happens if named is broken with neither chroot nor jail, assuming named is running as user and group bind (rather than as root)?

2) What happens if named is broken while using chroot?

3) What happens if named is broken while in a jail, and how is this less dangerous than using chroot?

Also, can FreeBSD run as a gateway with NAT while using a jail? A jail needs its own IP address, and that seems to interfere with the way other services need to be configured.

--
Bob
London, UK