Date: Thu, 3 Sep 2009 08:08:07 -0400 From: John Baldwin <jhb@freebsd.org> To: freebsd-stable@freebsd.org Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, FLEURIOT Damien <ml@my.gd>, Doug Barton <dougb@freebsd.org>, freebsd-jail@freebsd.org Subject: Re: Not getting an IPv6 in a jail Message-ID: <200909030808.08440.jhb@freebsd.org> In-Reply-To: <4A9E98AD.1070202@FreeBSD.org> References: <ff6efe7e0909011230i414b6791k707f5c58383e9b53@mail.gmail.com> <20090902160440.GA28417@sd-13813.dedibox.fr> <4A9E98AD.1070202@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 02 September 2009 12:09:17 pm Doug Barton wrote: > FLEURIOT Damien wrote: > > > BIND's now happily running in its jail and responding to public > > queries. > > It's up to you if you choose to do it, but there is no reason to run > BIND in a jail. The chroot feature provided by default by rc.d/named > is quite adequate security. That is debatable. One of the chief benefits of a jail is that if a server is compromised so that an attacker can gain root access that root access is limited in what it can do compared to a simple chroot. That is true for any server you would run under a jail, not just BIND. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909030808.08440.jhb>