From owner-freebsd-stable  Mon Jan  7 14:51: 4 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from falcon.prod.itd.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP id 854D637B404
	for <stable@freebsd.org>; Mon,  7 Jan 2002 14:51:01 -0800 (PST)
Received: from user-33qtmto.dsl.mindspring.com ([199.174.219.184] helo=gohan.cjclark.org)
	by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16NibZ-0006jo-00; Mon, 07 Jan 2002 14:50:59 -0800
Received: (from cjc@localhost)
	by gohan.cjclark.org (8.11.6/8.11.1) id g07MoXB01301;
	Mon, 7 Jan 2002 14:50:33 -0800 (PST)
	(envelope-from cjc)
Date: Mon, 7 Jan 2002 14:50:32 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Joe Abley <jabley@automagic.org>
Cc: Haikal Saadh <wyldephyre2@yahoo.com>, stable@FreeBSD.ORG
Subject: Re: Chrooted bind  out of the box
Message-ID: <20020107145032.C286@gohan.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <000001c195b1$db087880$41c801ca@warhawk> <20020105140846.D204@gohan.cjclark.org> <20020105222558.A95067@buffoon.automagic.org> <20020106112345.B237@gohan.cjclark.org> <20020107090632.P95067@buffoon.automagic.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020107090632.P95067@buffoon.automagic.org>; from jabley@automagic.org on Mon, Jan 07, 2002 at 09:06:32AM -0500
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Mon, Jan 07, 2002 at 09:06:32AM -0500, Joe Abley wrote:
> On Sun, Jan 06, 2002 at 11:23:45AM -0800, Crist J. Clark wrote:
[snip]

> > I was talking more about running named(8) as bind:bind. Chrooting has
> > other issues, you need to actually build a chroot environment
> > somewhere and decide what to put in it, and you still need to run as
> > bind:bind for chrooting to be much of a security measure.
> 
> I will disagree with your last point...

root can always break out of a chroot.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message