Re: chroot'd daemons

To: debian-devel@lists.debian.org
Subject: Re: chroot'd daemons
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Wed, 1 Sep 1999 23:57:32 +0200
Message-id: <[🔎] 19990901235732.A19048@lina.inka.de>
In-reply-to: <19990901003124.A4908@jab.home>
References: <19990901003124.A4908@jab.home>

On Wed, Sep 01, 1999 at 12:31:24AM +0200, Sarel J. Botha wrote:
> I read in the LSAG, I think, that there is a bind package available for RedHat
> that runs in a chroot'd environment. Wouldn't it be wise to do the same for
> some Debian packages too?

Yes, but perhaps it is enough to have a "jail builder" package, so you have
less data to download. This is something like the ftpd routne which checs if
the anon dir is populated with recent libs and ls. And of course you need to
avoid running the daemons as root, which is unfortunatelly needed as long as
you dont patch kernel or use capablities.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

Follow-Ups:
- Re: chroot'd daemons
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Feaping Creature-ism in core Debian Packages
Next by Date: Re: Herring/dpkg (was Re: Senseless Bickering and Overpoliticization)
Previous by thread: Re: Pine 4.10
Next by thread: Re: chroot'd daemons
Index(es):
- Date
- Thread