On 01-09-24 Henrique de Moraes Holschuh wrote:
> On Mon, 24 Sep 2001, Christian Kurz wrote:
> > Hm, that doesn't make much sense too me. I think the best thing would be
> > to have /etc/bind inside $CHROOT and having no symlink.
> And scratch the second-most important feature of Debian (the first one being
> the DFSG)? Do Not Move Config Files Out Of /etc. Ever. If you need it
> elsewhere, at least leave a symbolic link in place.
But having a link from either the config-files in /etc/bind to $CHROOT
or in the other direction, could be in my opinion a security risk. In my
opinion there should be absolutely no link from $CHROOT to any file
outside the chroot. So instead of creating a $CHROOT that contains
everything without any link to the outside you want to decrease the
security by having links from outside to inside? I don't agree with that
and would instead suggestion to modify the documents stating that all
config files should be in /etc to make a exception for $CHROOT.
Christian
--
Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpMH7XNj1bCd.pgp
Description: PGP signature