Re: chrooting bind9

To: debian-security@lists.debian.org
Subject: Re: chrooting bind9
From: Mark Ferlatte <ferlatte@cryptio.net>
Date: Sat, 4 Jan 2003 16:24:02 -0800
Message-id: <[🔎] 20030105002402.GA94928@radix.cryptio.net>
Mail-followup-to: Mark Ferlatte <ferlatte@cryptio.net>, debian-security@lists.debian.org
In-reply-to: <[🔎] 5.1.0.14.0.20030103181322.028de880@popmail.libero.it>
References: <[🔎] 5.1.0.14.0.20030103181322.028de880@popmail.libero.it>

begin  Stefano Salvi quote on Fri, Jan 03, 2003 at 06:19:53PM +0100:
> There are two chances to do this:
> 1) using parameter --chroot of 'start-stop-daemon'
> 2) using parameter -t of bind
> In both ways I have to use -u parameter of bind to change user, otherwise 
> it can't get privileged resources as the 'domain' socket.
> Is there a difference in security with one method resspect to the other?

I don't think so.  I use the -t parameter of bind myself:

http://cryptio.net/~ferlatte/config

M

Attachment: pgpO2A3QOA_Sx.pgp
Description: PGP signature

Reply to:

References:
- chrooting bind9
  - From: Stefano Salvi <s.salvi@libero.it>

Prev by Date: Re: Putting Apache, PHP, Tomcat and CGI in a jail
Next by Date: Re: Putting Apache, PHP, Tomcat and CGI in a jail
Previous by thread: chrooting bind9
Next by thread: How to get the current security updates on CD?
Index(es):
- Date
- Thread