
Re: questions about chrooting bind 8.3.3



On Wed, 2002-10-30 at 22:15, Sean McAvoy wrote:
> Yes it is true that it's making use of the system's libs, but they can't
> be touched by the process as it has been chrooted. In order for someone
> to overwrite those files, they would first have to break out of the chroot.
> I'm not sure what the real security implications of using the system libs
> are vs. using chrooted libs.
> 
> 

Maybe I'm too much of an old-school admin but 'they' always told me to
move all the libraries into the chroot environment (no symlinks
whatsoever) and even (if possible) move the whole chroot environment
onto a special (read-only) filesystem...

In my second example when I start the named daemon without the -t option
and use the (buggy) start-stop-daemon --chroot option the libraries are
used from the chroot environment. That was my point -- and it seems that
the 'standard' Debian method of using a chroot environment (the link
from my original post) is moving the libraries into the chroot
environment and not using them.....

-- 
J.J. van Gorkum                            Knowledge Zone
--
If UNIX isn't the solution, you've got the wrong problem.
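
Added example, not part of the original message: a shell check for the distinction discussed above, whether a running daemon mapped its libraries from inside the chroot (exec after chroot, as with start-stop-daemon --chroot) or from the system paths (chroot after startup, as with named -t). The chroot path /var/lib/named and the sample maps lines are constructed, the function names are hypothetical, and it assumes the check runs from outside the chroot so that /proc shows paths relative to the real root.

```shell
#!/bin/sh
# List shared libraries a process has mapped from OUTSIDE its chroot.
# stdin: text in /proc/<pid>/maps format; $1: the chroot directory.
libs_outside_chroot() {
    root=${1%/}    # "/" (not chrooted) becomes "", so every library is listed
    awk -v root="$root" '
        $6 ~ /\.so(\.|$)/ && !seen[$6]++ {
            if (root != "" && index($6, root "/") == 1) next   # inside the chroot
            print $6
        }'
}

# Wrapper for a live process; needs permission to read /proc/<pid>.
# Usage: check_pid "$(pidof named)"
check_pid() {
    libs_outside_chroot "$(readlink "/proc/$1/root")" < "/proc/$1/maps"
}

# Constructed sample: daemon chrooted itself after start, libs come from /lib.
MAPS_DASH_T='08048000-080c0000 r-xp 00000000 03:01 1001 /usr/sbin/named
40000000-40013000 r-xp 00000000 03:01 2001 /lib/ld-2.2.5.so
40020000-40133000 r-xp 00000000 03:01 2002 /lib/libc-2.2.5.so
40020000-40133000 rw-p 00113000 03:01 2002 /lib/libc-2.2.5.so'

# Constructed sample: binary exec'd after chroot, libs come from the chroot copy.
MAPS_EXEC_IN_CHROOT='08048000-080c0000 r-xp 00000000 03:01 3000 /var/lib/named/usr/sbin/named
40000000-40013000 r-xp 00000000 03:01 3001 /var/lib/named/lib/ld-2.2.5.so
40020000-40133000 r-xp 00000000 03:01 3002 /var/lib/named/lib/libc-2.2.5.so'
```

Empty output means every mapped library lives under the chroot directory; any path printed is a system library the process loaded before it was confined.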


