From: "Moti"
To: "SecLists"
Subject: Re: bind9 in a chroot ?
Date: Thu, 25 Apr 2002 14:20:09 -0400
Message-ID: <022001c1ec86$42f99430$fd6e34c6@mlevy>
References: <000401c1ec80$ac5c8c80$465d4018@zeus> <1019758146.9372.23.camel@interrogation.ws.pitdc1.stargate.net>
List: freebsd-security@freebsd.org

----- Original Message -----
From: "SecLists"
To: "Mike Roest"
Cc: "'Moti'"
Sent: Thursday, April 25, 2002 2:09 PM
Subject: RE: bind9 in a chroot ?

> You can use lsof to view all open files used by named... if you do that
> you will see that it is not actually chrooted at all... using the same
> option with bind9 built from source on OpenBSD, and chrooted into
> /var/named by the -t option:
>
> (root@doberman) ~ # lsof | grep named
> named 18211 named cwd VDIR 0,20 512 1140352 /var (/dev/wd1e)
> named 18211 named rtd VDIR 0,20 512 1140352 /var (/dev/wd1e)
> named 18211 named txt VREG 0,19 5892042 719229 /usr (/dev/wd1d)
> named 18211 named txt VREG 0,19 61440 1374538 /usr/libexec/ld.so
> named 18211 named txt VREG 0,20 6429 1163022 /var/run/ld.so.hints
> named 18211 named txt VREG 0,19 594040 1669247 /usr/lib/libc.so.26.2
>
> You can see that the process is actually accessing files in /usr and
> /var that are outside of the chroot jail...

i did not get this part ->
-----------------------------------------------------------------
> To do it better than this:
> http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO-1.html
------------------------------------------------------------------
what do you mean to do this better than this ? do you have a better way or is this the better way ?

> thanks,
> shawn
>
> On Thu, 2002-04-25 at 13:43, Mike Roest wrote:
> > Yep it is running in the chroot. The -t /etc/chroot shows that. I
> > think that's the only real way to tell
> >
> > --Mike
> >
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti
> > Sent: Thursday, April 25, 2002 9:55 AM
> > To: freebsd-security@freebsd.org
> > Subject: bind9 in a chroot ?
> >
> > o.k
> > i followed the instructions and i'm quite sure i have it all right ( dns
> > working and all )
> > question is : how do i verify that my bind is really running chrooted ?
> > will ps -auxw |grep named output ->
> > bind 170 0.0 2.1 3228 2604 ?? Ss 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c /etc/namedb/named.conf -t /etc/chroot
> > be enough ?
> > Moti

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
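Added example, not part of the thread above: a small Python checker that reads lsof rows like the ones shawn quoted, takes the `rtd` row as the process's root directory (the thing a ps argument list cannot tell you), and separates paths outside that root into program-text and library mappings made before named called chroot() (these keep their pre-chroot paths and are expected) and any other descriptor resolving outside the root (which would indicate the process is not confined). `SAMPLE_LSOF` and `LEAK_ROW` are constructed from the quoted output; lsof itself is not invoked, so this runs offline.

```python
import posixpath

# Constructed sample: the rows quoted in the thread, wrapped lines rejoined.
# Columns: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME (BSD lsof appends
# the mount device in parentheses to NAME).
SAMPLE_LSOF = """\
named 18211 named cwd VDIR 0,20 512 1140352 /var (/dev/wd1e)
named 18211 named rtd VDIR 0,20 512 1140352 /var (/dev/wd1e)
named 18211 named txt VREG 0,19 5892042 719229 /usr (/dev/wd1d)
named 18211 named txt VREG 0,19 61440 1374538 /usr/libexec/ld.so
named 18211 named txt VREG 0,20 6429 1163022 /var/run/ld.so.hints
named 18211 named txt VREG 0,19 594040 1669247 /usr/lib/libc.so.26.2
"""
# Constructed: a read descriptor on a file outside the root, opened after
# chroot(), is what a genuinely unconfined process would show.
LEAK_ROW = "named 18211 named 3r VREG 0,19 1024 99 /etc/passwd\n"

# Binary and shared-library mappings are set up by the loader before main()
# runs chroot(), so lsof reports them by their real (pre-chroot) paths.
FD_EXPECTED_OUTSIDE = {"txt", "mem"}


def parse_lsof(text):
    """Return [(fd, path)] for each lsof row, dropping the '(mount dev)' suffix."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 8)
        if len(parts) < 9 or parts[0] == "COMMAND":
            continue
        rows.append((parts[3], parts[8].split(" (", 1)[0]))
    return rows


def is_under(path, root):
    root = posixpath.normpath(root)
    return root == "/" or path == root or path.startswith(root + "/")


def chroot_report(text):
    """Classify each open path against the process root (the 'rtd' row)."""
    rows = parse_lsof(text)
    root = next((p for fd, p in rows if fd == "rtd"), None)
    report = {"root": root, "chrooted": root not in (None, "/"),
              "expected_outside": [], "unexpected_outside": []}
    for fd, path in rows:
        if root is None or fd == "rtd" or is_under(path, root):
            continue
        key = "expected_outside" if fd in FD_EXPECTED_OUTSIDE else "unexpected_outside"
        report[key].append((fd, path))
    return report


if __name__ == "__main__":
    print(chroot_report(SAMPLE_LSOF))
```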