[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9-chroot (was: questions on ITP)

also sprach Christian Kurz (on Tue, 25 Sep 2001 10:11:07AM +0200):
> But having a link from either the config-files in /etc/bind to $CHROOT
> or in the other direction, could be in my opinion a security risk. In my
> opinion there should be absolutely no link from $CHROOT to any file
> outside the chroot. So instead of creating a $CHROOT that contains
> everything without any link to the outside you want to decrease the
> security by having links from outside to inside? I don't agree with that
> and would instead suggestion to modify the documents stating that all
> config files should be in /etc to make a exception for $CHROOT.

please explain how a symlink /etc/bind -> /var/chroot/bind/etc
would be a security problem?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"no problem is so formidable
 that you can't just walk away from it."
                                                          -- c. schulz

Attachment: pgplPWgnQGWTX.pgp
Description: PGP signature

Reply to: