Date:      Sun, 19 Aug 2001 13:42:10 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        setantae <setantae@submonkey.net>
Cc:        Ted Mittelstaedt <tedm@toybox.placo.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: chroot'ing named(8)
Message-ID:  <20010819134210.B313@blossom.cjclark.org>
In-Reply-To: <20010819211426.A689@rhadamanth>; from setantae@submonkey.net on Sun, Aug 19, 2001 at 09:14:26PM +0100
References:  <20010817122110.A11537@rhadamanth> <001c01c1281a$06987500$1401a8c0@tedm.placo.com> <20010819211426.A689@rhadamanth>

On Sun, Aug 19, 2001 at 09:14:26PM +0100, setantae wrote:

[snip]

> Are you saying that an extra layer of security is pointless, so chroot'ing
> named _should_ be hard ?

Can't tell you what everyone else was saying, but I'd say since
FreeBSD's jail(8) is available, your best option is to run named(8) in a
jail(8). chroot'ing can be broken out of if the attacker gains
root. There is no known method of breaking out of a well constructed
jail(8). 
-- 
Crist J. Clark                           cjclark@alum.mit.edu
