RHL71, Webmin 0.88 and BIND 9
brad.knowles at skynet.be
Wed Oct 3 22:58:49 UTC 2001
At 8:19 AM -0700 10/3/01, Phlip Wards wrote:
> Another question about views: If someone were to break bind9 and gain
> access to the file system, would it be safer if the attacker only had
> access to the files that hold the external records? Since the files
> that hold the internal records are on another file system that the
> attacker should not have access to, wouldn't it be harder to determine
> that make up of the internal network?
Take a look at the history of known computer security attacks.
Something like 99% of all known attacks involve taking a machine
where you have some limited level of access and doing something to
increase your level of access, so that you can then completely take
over the machine.
Yes, you want to chroot your copy of BIND, and you want to have
it run as a non-privileged user. But consider that once they're on
the machine (even as a chrooted unprivileged user), it's only a
matter of time before they own the whole thing -- in most cases,
probably a matter of just a few seconds.
Brad Knowles, <brad.knowles at skynet.be>
More information about the bind-users