Re: is it really useful to use chroot? (was: bind running as root in Mandrake 7.0)
chrooting bind is probably worthwhile because
* bind has an abysmal record
* gaining access to the system with uid/gid==bind may well allow an
intruder to gain elevated privileges by exploiting a locally-accessible
vulnerability, which would otherwise not be exposed
yes, it's a pain, but it should be an option at least until a more secure
dns makes its way into the distribution.
regards,
thomas
On Mon, 5 Jun 2000, Carlos Carvalho wrote:
> I wonder if running bind (not as root, of course) in a chroot jail is
> really worth the hassle. If you give it a correct uid/gid it'll only
> have access to public read-only files after all. If it were just a
> config option it'd be fine, but there's the mess with libs et. al.
> that does need some determination to overcome...
Reply to: