also sprach Christian Kurz (on Tue, 25 Sep 2001 10:11:07AM +0200):
> But having a link from either the config-files in /etc/bind to $CHROOT
> or in the other direction, could be in my opinion a security risk. In my
> opinion there should be absolutely no link from $CHROOT to any file
> outside the chroot. So instead of creating a $CHROOT that contains
> everything without any link to the outside you want to decrease the
> security by having links from outside to inside? I don't agree with that
> and would instead suggestion to modify the documents stating that all
> config files should be in /etc to make a exception for $CHROOT.
please explain how a symlink /etc/bind -> /var/chroot/bind/etc
would be a security problem?
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
--
"no problem is so formidable
that you can't just walk away from it."
-- c. schulz
Attachment:
pgplPWgnQGWTX.pgp
Description: PGP signature