Re: how to check bind9 chroot

To: debian-security@lists.debian.org
Subject: Re: how to check bind9 chroot
From: "J.J. van Gorkum" <job@knowzone.org>
Date: Sat, 27 Mar 2004 09:15:17 +0100
Message-id: <[🔎] 1080375316.8675.8.camel@titan.knowzone.org>
In-reply-to: <[🔎] 40646E2D.8020903@lab.epmhs.gr>
References: <[🔎] 40646E2D.8020903@lab.epmhs.gr>

On Fri, 2004-03-26 at 18:53, Costas Magkos wrote:
[...]
> Is there a way to test whether a chroot works? Does anyone know if the 
> above syslog option is really needed? According to the man page of 
> syslog it is needed.

use lsof

# lsof -p [pid number of bind process]

check:

- if the loaded libraries is in the chroot (by cheking the path and/or
the inode)
- if std in/out and err are connected inside the chroot to /dev/null
- there is only one socket to syslog (in the real world)

-- 
JJ van Gorkum                             Knowledge Zone
If UNIX isn't the solution, you've got the wrong problem.

Reply to:

References:
- how to check bind9 chroot
  - From: Costas Magkos <kmag@lab.epmhs.gr>

Prev by Date: Re: how to check bind9 chroot
Next by Date: Re: how to check bind9 chroot
Previous by thread: Re: how to check bind9 chroot
Next by thread: Re: how to check bind9 chroot
Index(es):
- Date
- Thread