Date: Mon, 20 Aug 2001 10:20:34 +0100
From: Rasputin <rara.rasputin@virgin.net>
To: questions@freebsd.org
Subject: RE: chroot'ing named
Message-ID: <20010820102034.A16814@shaft.techsupport.co.uk>

> ted
>> setantae

>>Are you saying that an extra layer of security is pointless, so chroot'ing
>>named _should_ be hard ?

>Shall I turn the question on its head and throw it right back to you: Are
>you saying that the extra layer of security is a requirement so the admin can
>be lazy and never bother applying security patches?

How does extra security equate to laziness?
Admin A has installed 2 levels of security; admin B has installed none.
Is admin A lazier than admin B??

> If the DNS goes away then the
> entire network is junk. By contrast failure of any other single server
> won't take the network with it.

Then surely to $DEITY that's a good reason for having security steps
for securing this actually work.

If the Handbook steps don't work, the Handbook needs fixing.
If a jail is a better solution, then a jail should be suggested in the Handbook.
Setantae has offered to do these, which is great.

Personally I'd have raised this on the security list, or possibly doc,
but I think they're valid points.

And if a jail can be made easier, and we already have a fix
(borrowed from OpenBSD) what's wrong with that?

Sheesh.

--
Stult's Report: Our problems are mostly behind us. What we have to do now is fight the solutions.
Rasputin :: Jack of All Trades - Master of Nuns ::