On Mon, Sep 13, 2004 at 01:03:51PM +0800, Paolo Alexis Falcone said
> Now should bind run in a chroot'd environment, an entry using a remote
> exploit in bind would be contained inside the confines of the chroot
> jail. In theory damage can be compartmentalized to the directory
> hosting the jail. Of course if your machine does get compromised it's
> wise to just reformat the entire system than waste time in
> ascertaining trustworthiness of some binaries you'd be using for
> 'unrooting' the machine

Just to make it clear to everyone: if bind in a chroot gets rooted, the attacker can escape from the chroot and will have root on your main system. If the attacker only gets a normal user account in the chroot, though, they are locked in (unless they find a local root exploit, etc).

-rob
-- 
Words of the day: Ron Brown munitions IDEA underground wire transfer global
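An audit for the condition the reply warns about, added here as an example and not part of the original thread: it lists processes that run inside a chroot while still holding UID 0. It assumes a Linux /proc layout; the function name `chrooted_root_processes` is hypothetical.

```python
import os


def chrooted_root_processes(proc="/proc"):
    """Return [(pid, root_dir, name)] for processes whose root directory is
    not "/" and that still hold UID 0 in any of their four UID slots."""
    findings = []
    pids = sorted(int(e) for e in os.listdir(proc) if e.isdigit())
    for pid in pids:
        base = os.path.join(proc, str(pid))
        try:
            # /proc/<pid>/root is a symlink to the process's root directory.
            root = os.readlink(os.path.join(base, "root"))
            with open(os.path.join(base, "status")) as fh:
                fields = dict(line.split(":", 1) for line in fh if ":" in line)
        except OSError:
            # Process exited, or we lack permission to inspect it
            # (reading other users' processes requires root).
            continue
        if root == "/":
            continue  # not chrooted
        # "Uid:" holds real, effective, saved and filesystem UIDs.
        # A saved UID of 0 counts too: the process can switch back to root.
        uids = [int(u) for u in fields.get("Uid", "").split()]
        if 0 in uids:
            findings.append((pid, root, fields.get("Name", "?").strip()))
    return findings


if __name__ == "__main__":
    for pid, root, name in chrooted_root_processes():
        print(f"pid {pid} ({name}) is chrooted to {root} but still holds UID 0")
```

A chrooted daemon that has dropped to an unprivileged account in all four UID slots does not appear in the output.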