[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Chroot Debian

On Sat, Oct 02, 2004 at 07:44:02PM -0700, Karsten M. Self wrote:
> While I find chroot _installs_ of Debian, as a way of getting the distro
> onto a computer, useful, I wouldn't run a production system as a whole
> in chroot mode.  Specific services (e.g.:  bind), sure, but that's a
> specialized subcase.

I see this referred to a lot, and it puzzles me. Bind is a DNS server,
right? Why is a DNS server such a security risk that it should be run
in a chroot jail? Is bind - "the most widely used name server software
on the Internet" - really that buggy? Or have I got the wrong end of
the stick?


Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: signature.asc
Description: Digital signature

Reply to: