can't exec /usr/sbin/named-xfer: Permission denied
Brad Knowles
brad.knowles at skynet.be
Tue Mar 27 23:56:13 UTC 2001
At 5:42 PM -0600 3/27/01, Brian Elliott Finley wrote:

> Yes, yes. I am aware of the exploits, but not too worried because it's
> in jail and the file structure is re-created whenever it's restarted.

Problem is, chroot() jails can be escaped, especially if you can
get root privileges in the jail. Indeed, by far the vast majority of
security breaches involved taking an existing account (privileged or
not) and then using that to exceed your level of authorized access to
gain root privilege.

Having a chroot() jail is no excuse for doing everything you
possibly can to keep people off the machine in the first place.

Indeed, the single most important thing you can do is to do
everything possible to keep them off the machine in the first place
-- a chroot() jail is only a second level of protection for those
cases where someone comes along with a new exploit that hasn't yet
been fixed in the public version.

--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'