Re: is it really useful to use chroot? (was: bind running as root in Mandrake 7.0)

To: Carlos Carvalho <carlos@fisica.ufpr.br>
Cc: debian-security@lists.debian.org
Subject: Re: is it really useful to use chroot? (was: bind running as root in Mandrake 7.0)
From: thomas lakofski <thomas@88.net>
Date: Mon, 5 Jun 2000 15:58:05 +0100 (BST)
Message-id: <[🔎] Pine.LNX.4.21.0006051542570.22668-100000@oi.88.net>
In-reply-to: <[🔎] 14651.45242.447057.537304@hoggar.fisica.ufpr.br>

chrooting bind is probably worthwhile because

* bind has an abysmal record
* gaining access to the system with uid/gid==bind may well allow an
intruder to gain elevated privileges by exploiting a locally-accessible
vulnerability, which would otherwise not be exposed

yes, it's a pain, but it should be an option at least until a more secure
dns makes its way into the distribution.

regards,

thomas

On Mon, 5 Jun 2000, Carlos Carvalho wrote:

> I wonder if running bind (not as root, of course) in a chroot jail is
> really worth the hassle. If you give it a correct uid/gid it'll only
> have access to public read-only files after all. If it were just a
> config option it'd be fine, but there's the mess with libs et. al.
> that does need some determination to overcome...

Reply to:

References:
- is it really useful to use chroot? (was: bind running as root in Mandrake 7.0)
  - From: Carlos Carvalho <carlos@fisica.ufpr.br>

Prev by Date: is it really useful to use chroot? (was: bind running as root in Mandrake 7.0)
Next by Date: Re: bind running as root in Mandrake 7.0
Previous by thread: is it really useful to use chroot? (was: bind running as root in Mandrake 7.0)
Next by thread: Unknown open ports
Index(es):
- Date
- Thread