can't exec /usr/sbin/named-xfer: Permission denied

Brad Knowles brad.knowles at skynet.be
Tue Mar 27 23:56:13 UTC 2001


At 5:42 PM -0600 3/27/01, Brian Elliott Finley wrote:

>  Yes, yes.  I am aware of the exploits, but not too worried because it's
>  in jail and the file structure is re-created whenever it's restarted.

	Problem is, chroot() jails can be escaped, especially if you can 
get root privileges in the jail.  Indeed, by far the vast majority of 
security breaches involved taking an existing account (privileged or 
not) and then using that to exceed your level of authorized access to 
gain root privilege.

	Having a chroot() jail is no excuse for doing everything you 
possibly can to keep people off the machine in the first place.


	Indeed, the single most important thing you can do is to do 
everything possible to keep them off the machine in the first place 
-- a chroot() jail is only a second level of protection for those 
cases where someone comes along with a new exploit that hasn't yet 
been fixed in the public version.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
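
The point in the message above about root privileges inside a chroot() jail can be checked on a running host. The following is an added example, not part of the original message: it assumes a Linux `/proc` filesystem and flags processes whose root directory is not `/` but which still hold effective UID 0 or `CAP_SYS_CHROOT`. The sample status text, the jail path and UID 25 are constructed for illustration.

```python
import os

CAP_SYS_CHROOT = 18  # bit number of CAP_SYS_CHROOT in Linux capability masks

def parse_status(text):
    """Return (effective_uid, effective_capability_mask) from /proc/<pid>/status text."""
    euid, cap_eff = None, 0
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            euid = int(value.split()[1])   # fields: real, effective, saved, fs
        elif key == "CapEff":
            cap_eff = int(value.strip(), 16)
    return euid, cap_eff

def jail_risk(root_link, status_text):
    """List the reasons a chrooted process keeps the privileges the message
    warns about; empty if it is not chrooted or has dropped them."""
    if root_link == "/":
        return []                          # not in a chroot at all
    euid, cap_eff = parse_status(status_text)
    reasons = []
    if euid == 0:
        reasons.append("effective uid 0")
    if cap_eff & (1 << CAP_SYS_CHROOT):
        reasons.append("CAP_SYS_CHROOT")
    return reasons

def scan(proc="/proc"):
    """Map pid -> (jail root, reasons) for every risky chrooted process we can read."""
    findings = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            root_link = os.readlink(os.path.join(proc, entry, "root"))
            with open(os.path.join(proc, entry, "status")) as fh:
                reasons = jail_risk(root_link, fh.read())
        except OSError:                    # process exited or we lack permission
            continue
        if reasons:
            findings[int(entry)] = (root_link, reasons)
    return findings

# Constructed samples: a jailed daemon still running as root, and one that dropped to UID 25.
SAMPLE_ROOT = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_DROPPED = "Name:\tnamed\nUid:\t25\t25\t25\t25\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    for pid, (root, reasons) in sorted(scan().items()):
        print(pid, root, ", ".join(reasons))
```

Run it as root so that the `root` links of other users' processes are readable; unreadable entries are skipped silently.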

