
Re: bind9-chroot (was: questions on ITP)

On 01-09-24 Henrique de Moraes Holschuh wrote:
> On Mon, 24 Sep 2001, Christian Kurz wrote:
> > Hm, that doesn't make much sense to me. I think the best thing would be
> > to have /etc/bind inside $CHROOT and having no symlink. 
> And scratch the second-most important feature of Debian (the first one being
> the DFSG)?  Do Not Move Config Files Out Of /etc. Ever. If you need it
> elsewhere, at least leave a symbolic link in place.

But having a link from either the config-files in /etc/bind to $CHROOT
or in the other direction, could be in my opinion a security risk. In my
opinion there should be absolutely no link from $CHROOT to any file
outside the chroot. So instead of creating a $CHROOT that contains
everything without any link to the outside you want to decrease the
security by having links from outside to inside? I don't agree with that
and would instead suggest modifying the documents stating that all
config files should be in /etc to make an exception for $CHROOT.

           Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853
