Date: Fri, 15 Dec 2000 18:19:54 -0500 (EST) From: Rob Simmons <rsimmons@wlcg.com> To: Alessandro de Manzano <demanzano@iol.it> Cc: Peter Brezny <peter@sysadmin-inc.com>, freebsd-questions@FreeBSD.ORG Subject: Re: sandbox clarification. Message-ID: <Pine.BSF.4.21.0012151815370.92637-100000@mail.wlcg.com> In-Reply-To: <20001215234751.A305@libero.sunshine.ale>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh, one thing I didn't mention about my bind setup, the directory that I have bind chroot'd in inside of the jail is a separate drive partition mounted as that directory. This way, if the chroot'd bind get penetrated, they won't be able to fill up the drive with garbage, only the partition that bind is running in. :) Robert Simmons Systems Administrator http://www.wlcg.com/ On Fri, 15 Dec 2000, Alessandro de Manzano wrote: > > Sorry for the confusion, I'll use the more clear terminology (unpriviliged > > user, jail, chroot) rather than the lame sandbox descriptor in the future. > > thanks for your clarification! :-) > > > > if you are running named under an unpriviliged user, is it still a good idea > > (worth the extra time and headache) to set it up to run in a chrooted > > environment? > > I guess yes, also if could be a bit "difficult" the first time. > > If that daemon fails and starts crunching your machine, at least does not eat it all :-) > > > -- > > bye! > > Ale > > demanzano@iol.it > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0012151815370.92637-100000>