also sprach Javier Fernández-Sanguino Peña <jfs@computer.org> [2002.01.15.1316 +0100]:
> > Debian being what it is, are there any reasons why the debian bind
> > package should not be chroot as the default instalation?
>
> RTFM. That is:
> http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind
>
> :)
well, first of all, this document refers to a bug, #50013 (to which this
is CCd). in the bug, the argument comes up that "opinions differ from
running bind non-root". but a chroot jail is advised.
i'd love to know just why you'd ever run bind as root, even in a jail.
if i have root rights in a jail, i'll break out of the jail within
minutes (e.g. [1]).
second, why would you *need* bind running as root?
and thirdly, please check the threads at [2] and [3] if you are
interested in a discussion on bind9 and chroot.
> > One thing that might be a good idea, would be a security review of the
> > main debian packages. It's probably beeing done for some already, but I
> > would guess a lot of debian packages could benefit from even stricter
> > default setups. For example, maybe libsafe should be default inn all
> > installs.
>
> Agreed. Feel free to point to better security measures in the
> Default installation and document them, once done it is a major point of
> pressure to change Debian policy.
running non-root *and* chrooting.
> Debian could provide, with only some effort from package
> maintainers versions of daemons chrooted to given environments. This
> however, might break Policy (IMHO).
how would it break policy?
1. http://www.bpfh.net/simes/computing/chroot-break.html
2. http://lists.debian.org/debian-devel/2001/debian-devel-200109/msg01393.html
3. http://lists.debian.org/debian-devel/2002/debian-devel-200201/msg01001.html
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
above all, we should not wish to divest
our existence of its rich ambiguity.
-- nietzsche
Attachment:
pgpTnwg60eTck.pgp
Description: PGP signature