Rendering BIND 8.2.3 ultra secure

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 1 01:46:06 UTC 2001


Not to nitpick, but compiling named and named-xfer statically doesn't really
buy you anything in terms of security, assuming that the shared libraries in
the chroot jail aren't writable by unprivileged users. The main purpose of
static linking in this context is to make the construction of the chroot
jail slightly easier, at the cost of bloating named and named-xfer
substantially. Personally, when I set up chroot jails, I don't bother with
static linking; I just make sure the correct shared libraries are securely
installed in the chroot jail.


- Kevin

Patrick Gilbert wrote:

> Hi,
>
> Just thought I'd put something up on how to install bind 8.2.3 as an
> underprivileged user in a chroot jail with static named and named-xfer
> binaries. This particular example is for Solaris sparc 2.6.
>
> This way of installing bind should calm the worried IT manager, scared by
> the newest doom and gloom bind bugs.
>
> http://www.pgci.ca/p_bind.html
>
> Comments are welcome as always,
>
> Cheers,
>
> --
> Patrick Gilbert                                     +1 (514) 396-4747
> CEO, PGCI                                          http://www.pgci.ca
> Montreal (QC), Canada CE AB B2 18 E0 FE C4 33  0D 9A AC 18 30 1F D9 1A
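
The condition in the reply above, that the shared libraries in the chroot jail not be writable by unprivileged users, can be checked mechanically. The script below is an added example, not part of either message; the function names and the jail layout (a library directory such as `usr/lib` under a jail root) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and function names are hypothetical.

# Print entries not owned by $1, or writable by group or other.
# Remaining arguments go to find(1): start point(s), optionally -prune.
_unsafe() {
    _owner=$1; shift
    find "$@" ! -type l \( ! -user "$_owner" -o -perm -020 -o -perm -002 \) -print
}

# audit_jail_libs JAIL LIBDIR [OWNER]
#   JAIL   root of the chroot jail, e.g. /var/named-jail (constructed path)
#   LIBDIR library directory relative to JAIL, e.g. usr/lib
#   OWNER  account that must own the libraries (default: root)
# Returns 0 if clean, 1 if anything is flagged, 2 on usage error.
audit_jail_libs() {
    jail=$1 libdir=$2 owner=${3:-root}
    [ -d "$jail/$libdir" ] || { echo "no such directory: $jail/$libdir" >&2; return 2; }

    bad=$(
        {
            # Ancestors, non-recursively: write access to the jail root or to
            # usr/ lets a user rename the real lib directory aside.
            path=$jail
            _unsafe "$owner" "$path" -prune
            IFS=/                      # subshell only; splits LIBDIR on '/'
            for part in $libdir; do
                [ -n "$part" ] || continue
                path=$path/$part
                _unsafe "$owner" "$path" -prune
            done
            # Then everything inside the library directory itself.
            _unsafe "$owner" "$jail/$libdir"
        } | sort -u
    )

    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/UNSAFE: /'
    return 1
}
```

Run it once per library directory in the jail; directories that named must write to (zone transfer targets, for instance) are deliberately out of scope.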




