Date: Sun, 19 Aug 2001 13:42:10 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: setantae <setantae@submonkey.net> Cc: Ted Mittelstaedt <tedm@toybox.placo.com>, freebsd-questions@FreeBSD.ORG Subject: Re: chroot'ing named(8) Message-ID: <20010819134210.B313@blossom.cjclark.org> In-Reply-To: <20010819211426.A689@rhadamanth>; from setantae@submonkey.net on Sun, Aug 19, 2001 at 09:14:26PM %2B0100 References: <20010817122110.A11537@rhadamanth> <001c01c1281a$06987500$1401a8c0@tedm.placo.com> <20010819211426.A689@rhadamanth>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 19, 2001 at 09:14:26PM +0100, setantae wrote: [snip] > Are you saying that an extra layer of security is pointless, so chroot'ing > named _should_ be hard ? Can't tell you what everyone else was saying, but I'd say since FreeBSD's jail(8) is available, your best option is to run named(8) a jail(8). chroot'ing can be broken out of if the attacker gains root. There is no known method of breaking out of a well constructed jail(8). -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010819134210.B313>