On 01-09-24 Henrique de Moraes Holschuh wrote: > On Mon, 24 Sep 2001, Christian Kurz wrote: > > Hm, that doesn't make much sense too me. I think the best thing would be > > to have /etc/bind inside $CHROOT and having no symlink. > And scratch the second-most important feature of Debian (the first one being > the DFSG)? Do Not Move Config Files Out Of /etc. Ever. If you need it > elsewhere, at least leave a symbolic link in place. But having a link from either the config-files in /etc/bind to $CHROOT or in the other direction, could be in my opinion a security risk. In my opinion there should be absolutely no link from $CHROOT to any file outside the chroot. So instead of creating a $CHROOT that contains everything without any link to the outside you want to decrease the security by having links from outside to inside? I don't agree with that and would instead suggestion to modify the documents stating that all config files should be in /etc to make a exception for $CHROOT. Christian -- Debian Developer (http://www.debian.org) 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpMH7XNj1bCd.pgp
Description: PGP signature