
Re: bind9-chroot (was: questions on ITP)

On Tue, 25 Sep 2001, Christian Kurz wrote:
> But having a link from either the config-files in /etc/bind to $CHROOT
> or in the other direction, could be in my opinion a security risk.

Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> Oh, how so?

Because the files accessed from within the chroot once it's broken are the
SAME FILES as on the real system.
Doesn't that kinda defeat the purpose of having a chroot?

> Get some sleep. Links from inside the chroot to outside do not work, unless
> the kernel is fucked up.

Hard links work fine.

> <wears QA hat>
> NEVER. This is not some low-grade distribution where you can go around
> scattering configuration files all over the filesystem.  I will fight tooth
> and nail against such an atrocity.
> </wears QA hat>

I agree wholeheartedly here.

I don't see what's so hard about rsync'ing the files from /etc to the
chroot in the init script each time the daemon is started.

Sam Couter          |   Internet Engineer   |   http://www.topic.com.au/
sam@topic.com.au    |   tSA Consulting      |
OpenPGP key ID:       DE89C75C,  available on key servers
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
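
Added illustration, not part of the original message: a self-contained shell demo of the two approaches discussed in this thread, hard-linking a config file into the chroot versus copying it in at daemon start. It runs in a temporary directory without root or a real chroot; the directory names and file content are constructed stand-ins for /etc/bind and $CHROOT, and `cp -p` stands in for the rsync step mentioned above.

```shell
#!/bin/sh
# Constructed demo: runs in a temp directory, no root and no real chroot(2).
# "$WORK/etc" stands in for /etc/bind and "$WORK/jail-*" for $CHROOT.

inode() { ls -i "$1" | awk '{print $1}'; }

# Build one master config and two jail trees: hard-linked and copied.
setup() {
    WORK=$(mktemp -d) || return 1
    mkdir -p "$WORK/etc" "$WORK/jail-link/etc" "$WORK/jail-copy/etc"
    printf 'options { recursion no; };\n' > "$WORK/etc/named.conf"
    # Hard link: a second name for the same inode (same filesystem only).
    ln "$WORK/etc/named.conf" "$WORK/jail-link/etc/named.conf"
    # Copy at start-up; cp -p is used here so the demo runs without rsync.
    cp -p "$WORK/etc/named.conf" "$WORK/jail-copy/etc/named.conf"
}

# Stand-in for a compromised daemon rewriting its config from inside the jail.
tamper() { printf 'tampered\n' > "$1/etc/named.conf"; }

# Report whether the master file outside the jail still has its content.
master_state() {
    if grep -q 'recursion no' "$WORK/etc/named.conf"; then
        echo intact
    else
        echo modified
    fi
}

run_demo() {
    setup || return 1
    MASTER_INODE=$(inode "$WORK/etc/named.conf")
    LINK_INODE=$(inode "$WORK/jail-link/etc/named.conf")
    COPY_INODE=$(inode "$WORK/jail-copy/etc/named.conf")
    # Write through the copied file first, then through the hard link.
    tamper "$WORK/jail-copy"; COPY_RESULT=$(master_state)
    tamper "$WORK/jail-link"; LINK_RESULT=$(master_state)
    rm -rf "$WORK"
}

run_demo
echo "after write via copied jail file:      master $COPY_RESULT"
echo "after write via hard-linked jail file: master $LINK_RESULT"
```

The hard-linked name shares the master file's inode, so a write made through the jail path changes the file outside the jail; the copy has its own inode and is simply overwritten on the next start.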
