Date: 01 Feb 2001 18:35:51 +0100
From: Dag-Erling Smorgrav <des@ofug.org>
To: Gordon Tetlow <gordont@bluemtn.net>
Cc: Vivek Khera <khera@kciLink.com>, <stable@FreeBSD.ORG>
Subject: Re: chrooting bind
Message-ID: <xzpae86wbk8.fsf@flood.ping.uio.no>
In-Reply-To: Gordon Tetlow's message of "Thu, 1 Feb 2001 09:25:47 -0800 (PST)"
References: <Pine.BSF.4.31.0102010924030.17707-100000@sdmail0.sd.bmarts.com>

Gordon Tetlow <gordont@bluemtn.net> writes:
> Correct me if I'm wrong, but this is only a sandbox (run as a different
> user) while this person wants to set up a true chroot environment.
> Personally, I think that the former is adequate as nothing else on the box
> is owned by the bind user.

Are you absolutely certain your box doesn't have a local root
vulnerability? For instance, are you running a recent -STABLE (which
is believed to be secure), or are you running e.g. 4.1.1-RELEASE
(which has an exploitable buffer overflow in the procfs code)?

Run BIND in a jail, or a chroot if you can't set up a jail.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org