On Jan 22, Bdale Garbee <bdale@gag.com> wrote: >Let me also point out in closing that running non-root is only one way to >increase the theoretical security of the bind package. The daemon also >provides explicit support for running chroot'ed. There are pros and cons to If the program has UID 0 and full capabilities then an exploit can trivially escape out of the chroot jail. -- ciao, Marco