Re: These 'roots' are bugging me.



dave,
running BIND as a non-privileged user is a good idea, but putting it
into a chroot jail _and_ running as a non-root user is much safer.
i've recently created a chroot'd BIND and use it on a production server;
it's not that difficult. if you want to do this, the chroot-BIND8 howto
is your friend: http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO.html

this document is really good, but some additional work needs to be done
to get the thing to work on debian.


On Wed, 2002-01-30 at 17:14, Dave Kline wrote:
> I have a number of Debian 2.2 systems that have some critical daemons 
> running as root.  The most concerning offender is BIND8.   BIND has been 
> tried and convicted, and by judging its turbulent past, I have no choice 
> but to demote it from its root status.  I don't have dynamic interfaces 
> for it to play with so it clearly has no business being root.  
> 
> I have no experience demoting BIND, but I realize I must.  Making a 
> chroot'ed environment isn't as large a concern for me as just dropping 
> root from the daemon. My question is can I perform this task in a 
> 'Debian' way?  By that I mean can I follow a HOWTO aimed at Debian, so 
> Apt won't trample on my work during the next BIND update? Does anyone 
> have a methodology for BIND8 on Debian 2.2?
> 
> Thanks much.
> -A. Dave
> 
> 
-- 
__________________________________________
Gergely Trifonov    mailto:gergely.trifonov@indweb.hu                   
System Administrator, WSD
 
IND - Interactive Net Design      http://www.indweb.hu
Széchenyi u. 70.        H - 3530 Miskolc          Hungary
Phone: +36 46 505 106              Fax: +36 46 505 107
                    Mobile: +36 20 395 6476

!Please install IND CA Certification as TRUSTED CA!
                  https://www.indweb.hu/IND.crt
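
Added example, not part of the original message or of the HOWTO it links: a check an administrator could run after the change to confirm that a daemon such as named has no root UID left and has a changed root directory. It assumes Linux /proc; the function names, UID 104 and the path /var/chroot/named are constructed for the illustration.

```shell
#!/bin/sh
# Classify a daemon's confinement from its /proc/<pid> directory.
# Linux-specific: relies on the "Uid:" line of status and the "root" symlink.

# confinement PROC_DIR -> prints one of:
#   root-unjailed  root-jailed  nonroot-unjailed  nonroot-jailed  unknown
confinement() {
    procdir=$1
    [ -r "$procdir/status" ] || { echo unknown; return 1; }

    # Uid: real, effective, saved, filesystem. A 0 in any slot means root
    # is in use or can be regained, so the process counts as root.
    uids=$(awk '$1 == "Uid:" { print $2, $3, $4, $5 }' "$procdir/status")
    [ -n "$uids" ] || { echo unknown; return 1; }
    who=nonroot
    for u in $uids; do
        case $u in 0) who=root ;; esac
    done

    # The root symlink names the process's root directory; "/" means no chroot.
    # Reading it for another user's process needs root, so failure is "unknown".
    rootdir=$(readlink "$procdir/root") || { echo unknown; return 1; }
    if [ "$rootdir" = / ]; then jail=unjailed; else jail=jailed; fi

    echo "$who-$jail"
}

# make_sample DIR UIDS ROOT: build a constructed stand-in for /proc/<pid>.
make_sample() {
    mkdir -p "$1"
    printf 'Name:\tnamed\nUid:\t%s\nGid:\t%s\n' "$2" "$2" > "$1/status"
    ln -s "$3" "$1/root"
}

# Demo on constructed samples (not real processes).
demo=$(mktemp -d)
make_sample "$demo/before" "0 0 0 0" /
make_sample "$demo/after" "104 104 104 104" /var/chroot/named
for d in before after; do
    echo "$d: $(confinement "$demo/$d")"
done
rm -rf "$demo"
```

On a live system, run it as root against the daemon's real directory, for example `confinement /proc/<pid of named>`; only `nonroot-jailed` matches the setup recommended above.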