From: SecLists
To: Mike Roest
Cc: 'Moti', freebsd-security@freebsd.org
Subject: RE: bind9 in a chroot ?
Date: 25 Apr 2002 14:09:06 -0400
Message-Id: <1019758146.9372.23.camel@interrogation.ws.pitdc1.stargate.net>
In-Reply-To: <000401c1ec80$ac5c8c80$465d4018@zeus>

You can use lsof to view all open files used by named... if you do that
you will see that it is not actually chrooted at all... using the same
option with bind9 built from source on OpenBSD, and chrooted into
/var/named by the -t option:

    (root@doberman) ~ # lsof | grep named
    named 18211 named cwd VDIR 0,20     512 1140352 /var (/dev/wd1e)
    named 18211 named rtd VDIR 0,20     512 1140352 /var (/dev/wd1e)
    named 18211 named txt VREG 0,19 5892042  719229 /usr (/dev/wd1d)
    named 18211 named txt VREG 0,19   61440 1374538 /usr/libexec/ld.so
    named 18211 named txt VREG 0,20    6429 1163022 /var/run/ld.so.hints
    named 18211 named txt VREG 0,19  594040 1669247 /usr/lib/libc.so.26.2

You can see that the process is actually accessing files in /usr and
/var that are outside of the chroot jail...

To do it better than this:

http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO-1.html

thanks,
shawn

On Thu, 2002-04-25 at 13:43, Mike Roest wrote:
> Yep it is running in the chroot. The -t /etc/chroot shows that. I
> think that's the only real way to tell
>
> --Mike
>
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti
> Sent: Thursday, April 25, 2002 9:55 AM
> To: freebsd-security@freebsd.org
> Subject: bind9 in a chroot ?
>
> o.k
> i followed the instructions and i'm quite sure i have it all right ( dns
> working and all )
> question is : how do i verify that my bind is really running chrooted ?
> will ps -auxw |grep named output ->
> bind 170 0.0 2.1 3228 2604 ?? Ss 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c /etc/namedb/named.conf -t /etc/chroot
> be enough ?
> Moti
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
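
[Added example, not part of the original thread.] One way to answer the question of whether named is running chrooted is to compare the root directory lsof reports for it (the FD "rtd" row) with the root directory of PID 1. The function names, the saved-output file and the init/syslogd sample rows are assumptions made for this sketch; it also assumes lsof was run as root so that PID 1 appears in the output.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumed lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
# FD "rtd" is the process root directory, "cwd" its working directory,
# "txt" is program text (code and data) the process has mapped.

# root_id PID: print "DEVICE:NODE" of the rtd row for PID (lsof text on stdin).
root_id() {
    awk -v pid="$1" '$2 == pid && $4 == "rtd" { print $6 ":" $8; exit }'
}

# chroot_status FILE CMD: FILE holds saved `lsof` output.
# For every process named CMD print "PID chrooted DEV:NODE" or
# "PID not-chrooted DEV:NODE", judged against the root directory of PID 1.
chroot_status() {
    init_root=$(root_id 1 < "$1")
    [ -n "$init_root" ] || { echo "no rtd row for PID 1" >&2; return 2; }
    awk -v cmd="$2" -v base="$init_root" '
        $1 == cmd && $4 == "rtd" {
            id = $6 ":" $8
            print $2, (id == base ? "not-chrooted" : "chrooted"), id
        }' "$1"
}

# Constructed sample: the named rows follow the listing in the message above;
# the init and syslogd rows are invented to give the comparison a baseline.
sample_lsof() {
cat <<'EOF'
init        1 root  rtd VDIR 0,16     512       2 / (/dev/wd1a)
syslogd  4021 root  rtd VDIR 0,16     512       2 / (/dev/wd1a)
named   18211 named cwd VDIR 0,20     512 1140352 /var (/dev/wd1e)
named   18211 named rtd VDIR 0,20     512 1140352 /var (/dev/wd1e)
named   18211 named txt VREG 0,19   61440 1374538 /usr/libexec/ld.so
EOF
}
```

On a live system, save `lsof` output to a file and pass that file as the first argument; the device and inode printed for named can then be compared with the jail directory's own inode from `ls -di`.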