
Re: chroot'd daemons

On Wed, Sep 01, 1999 at 12:31:24AM +0200, Sarel J. Botha wrote:
> I read in the LSAG, I think, that there is a bind package available for RedHat
> that runs in a chroot'd environment. Wouldn't it be wise to do the same for
> some Debian packages too?

Yes, but perhaps it is enough to have a "jail builder" package, so you have
less data to download. This is something like the ftpd routine which checks if
the anon dir is populated with recent libs and ls. And of course you need to
avoid running the daemons as root, which is unfortunately needed as long as
you don't patch the kernel or use capabilities.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
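
Added example, not part of the original message: a sketch of the freshness check a "jail builder" could run, following the idea above of verifying that the jail is populated with recent libs and ls. The function names, the list of audited directories and the HOSTROOT parameter are assumptions made for this example.

```shell
#!/bin/sh
# audit_jail JAIL [HOSTROOT]
#   Compares every binary/library copied into a chroot jail with the file at
#   the same path on the host. Prints "STALE <path>" when the jail copy
#   differs (e.g. the host library was upgraded) and "ORPHAN <path>" when the
#   host no longer has that file. Returns 0 if clean, 1 if anything was found.
#   HOSTROOT defaults to / (assumption: a parameter so the check can be tried
#   on constructed trees without root). Paths containing newlines are not handled.
audit_jail() {
    jail=${1%/}
    host=${2:-/}
    host=${host%/}
    status=0
    [ -d "$jail" ] || { echo "NOJAIL $jail"; return 2; }
    tmp=$(mktemp) || return 2
    (cd "$jail" && find . -type f -print | sort) > "$tmp"
    while IFS= read -r rel; do
        rel=${rel#./}
        # Only audit copied binaries and libraries; jail-specific files such
        # as etc/passwd are expected to differ from the host.
        case $rel in
            bin/*|sbin/*|lib/*|usr/bin/*|usr/sbin/*|usr/lib/*) ;;
            *) continue ;;
        esac
        if [ ! -e "$host/$rel" ]; then
            echo "ORPHAN /$rel"; status=1
        elif ! cmp -s "$jail/$rel" "$host/$rel"; then
            echo "STALE /$rel"; status=1
        fi
    done < "$tmp"
    rm -f "$tmp"
    return $status
}

# Constructed sample: a fake host root and a jail whose libc copy is outdated.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/host/lib" "$d/host/bin" "$d/jail/lib" "$d/jail/bin" "$d/jail/etc"
    echo "libc build 2" > "$d/host/lib/libc.so.6"
    echo "libc build 1" > "$d/jail/lib/libc.so.6"   # stale copy
    echo "ls" > "$d/host/bin/ls"
    cp "$d/host/bin/ls" "$d/jail/bin/ls"            # current copy
    echo "old tool" > "$d/jail/bin/gone"            # no host counterpart
    echo "ftp:x:100:" > "$d/jail/etc/passwd"        # jail-only config, skipped
    echo "$d"
}
```

Run from cron or a package post-install hook, a non-zero exit tells the administrator that the jail needs to be rebuilt after a library upgrade on the host.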
