Date: Tue, 21 Aug 2001 07:58:47 -0700 (PDT) From: David Kirchner <davidk@accretivetg.com> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: Koji <koji@ciberteca.com>, <freebsd-security@FreeBSD.ORG> Subject: Re: chroot named Message-ID: <20010821075533.M38221-100000@localhost> In-Reply-To: <20010821175802.T45276@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 21 Aug 2001, Karsten W. Rohrbach wrote: > compiling with LDFLAGS set to include the "-static" option would surely > help for chrooting the process... Yeah, that's a good step to take as well, although it takes more disk space. Hardlinks work into chroot'd directories (as long as the usual requirements for hardlinks are met), so you can just do: cd /usr/chroot-named mkdir -p usr/lib usr/sbin usr/libexec ln /usr/lib/libc.so.3 usr/lib # (or 4) ln /usr/sbin/named usr/sbin ln /usr/libexec/named-xfer usr/libexec > upgrading would surely help, too > > /k Do later versions of bind come with static binaries automatically? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010821075533.M38221-100000>