[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9-chroot (was: questions on ITP)

Martin F Krafft wrote:
> also sprach Richard Atterer (on Sat, 22 Sep 2001 10:03:55PM +0200):
> > What alternative possibilities for implementing this do you see? The
> > package will have to contain the necessary chrooting script somewhere,
> > and the admin will have to perform some action to trigger its
> > execution. After he has done that, the init.d script should execute
> > the chrooted daemon.
> i believe that chroot should be an install time choice, not a runtime
> one (as in config script).

For the long term, this is the safer choice.

For even better security, just make the standard install chrooted
if it is of wise security reasons to.  I've long questioned why 
this hasn't been done for many daemons already.  I know some people
may feel that because it breaks something or another one shouldn't
do this, but I know bind doesn't break anything by being chrooted.
What about others?

|  Bryan Andersen   |   bryan@visi.com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |

Reply to: