On Sat, Oct 02, 2004 at 07:44:02PM -0700, Karsten M. Self wrote: > While I find chroot _installs_ of Debian, as a way of getting the distro > onto a computer, useful, I wouldn't run a production system as a whole > in chroot mode. Specific services (e.g.: bind), sure, but that's a > specialized subcase. I see this referred to a lot, and it puzzles me. Bind is a DNS server, right? Why is a DNS server such a security risk that it should be run in a chroot jail? Is bind - "the most widely used name server software on the Internet" - really that buggy? Or have I got the wrong end of the stick? -- Pigeon Be kind to pigeons Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
Attachment:
signature.asc
Description: Digital signature