Date: Mon, 7 Jan 2002 14:50:32 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Joe Abley <jabley@automagic.org>
Cc: Haikal Saadh <wyldephyre2@yahoo.com>, stable@FreeBSD.ORG
Subject: Re: Chrooted bind out of the box
Message-ID: <20020107145032.C286@gohan.cjclark.org>
In-Reply-To: <20020107090632.P95067@buffoon.automagic.org>; from jabley@automagic.org on Mon, Jan 07, 2002 at 09:06:32AM -0500
References: <000001c195b1$db087880$41c801ca@warhawk> <20020105140846.D204@gohan.cjclark.org> <20020105222558.A95067@buffoon.automagic.org> <20020106112345.B237@gohan.cjclark.org> <20020107090632.P95067@buffoon.automagic.org>
On Mon, Jan 07, 2002 at 09:06:32AM -0500, Joe Abley wrote:
> On Sun, Jan 06, 2002 at 11:23:45AM -0800, Crist J. Clark wrote:
[snip]
> > I was talking more about running named(8) as bind:bind. Chrooting has
> > other issues, you need to actually build a chroot environment
> > somewhere and decide what to put in it, and you still need to run as
> > bind:bind for chrooting to be much of a security measure.
>
> I will disagree with your last point...
root can always break out of a chroot.
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
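
The point argued in this thread, that a chroot is only worth much when the daemon also gives up root, can be checked against the named(8) command lines on a host. The script below is an added example, not part of the original message; it assumes named was started by root (so a missing -u means it stays root), and the sample command lines and the /var/named path are constructed.

```sh
#!/bin/sh
# Added example: classify a named(8) command line by its -t (chroot
# directory) and -u (run-as user) options. Assumption: named was started
# by root, so a missing -u means the daemon keeps running as root.

classify_named() (
    set -f                          # no globbing while word-splitting $1
    set -- $1                       # split the ps-style command line
    if [ $# -gt 0 ]; then shift; fi # drop the program path
    chroot_dir=""
    run_user=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -t)   if [ $# -ge 2 ]; then chroot_dir=$2; shift; fi ;;
            -u)   if [ $# -ge 2 ]; then run_user=$2; shift; fi ;;
            -t?*) chroot_dir=${1#-t} ;;   # attached form, e.g. -t/dir
            -u?*) run_user=${1#-u} ;;     # attached form, e.g. -ubind
        esac
        shift
    done
    case "$run_user" in
        ""|root|0) as_root=yes ;;
        *)         as_root=no ;;
    esac
    if [ -n "$chroot_dir" ] && [ "$as_root" = no ]; then
        echo "chroot+unprivileged"
    elif [ -n "$chroot_dir" ]; then
        echo "chroot-as-root"       # confined in name only: still uid 0
    elif [ "$as_root" = no ]; then
        echo "unprivileged-no-chroot"
    else
        echo "root-no-chroot"
    fi
)

# Constructed sample command lines (not taken from the thread).
while IFS= read -r line; do
    printf '%-24s %s\n' "$(classify_named "$line")" "$line"
done <<'EOF'
/usr/sbin/named -u bind -t /var/named
/usr/sbin/named -t /var/named
/usr/sbin/named -u bind
/usr/sbin/named
EOF
```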
