Is chroot bind safe?

Doug Barton DougB at DougBarton.net
Fri Jan 24 06:02:22 UTC 2003


On Fri, 24 Jan 2003, Mark wrote:

> Hi,
>
> On FreeBSD 4.7, I just chrooted a BIND 8.3.3 as follows:
>
> /usr/sbin/chroot /etc/namedb/ /usr/sbin/named -u bind -g bind
>
> I copied a few dirs, made some devices, etc., and everything seems to run
> wonderfully. :) Then I found the -t switch (doh!).
>
> Not wanting to change everything again, is chrooting "named" directly just
> as safe?

In my opinion, it's safer to use -t, since that leaves less stuff in the
chroot'ed directory to get compromised.

-- 
   "We have known freedom's price. We have shown freedom's power.
      And in this great conflict, ...  we will see freedom's victory."
	- George W. Bush, President of the United States
          State of the Union, January 28, 2002
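
The trade-off behind the reply, as an added example that is not part of the original thread: with an external `chroot` the `named` binary, and any shared libraries it is linked against, have to exist inside the new root, while `named -t` enters the chroot itself after it has started. The script below inventories a tree for that kind of content; the function names, the two sample trees and every file in them are constructed placeholders.

```shell
#!/bin/sh
# Inventory the contents of a chroot tree that a process confined to it
# could execute or tamper with. Added example, not code from the thread.

# Print "execs=N libs=N setid=N devs=N" for the tree rooted at $1.
chroot_inventory() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    count() { find "$root" "$@" 2>/dev/null | wc -l | tr -d ' '; }
    execs=$(count -type f -perm -100)                        # owner-executable files
    libs=$(count -type f -name '*.so*')                      # shared libraries
    setid=$(count -type f \( -perm -4000 -o -perm -2000 \))  # setuid/setgid files
    devs=$(count \( -type c -o -type b \))                   # device nodes
    echo "execs=$execs libs=$libs setid=$setid devs=$devs"
}

# Build two constructed sample trees out of empty placeholder files.
# Assumption: named is dynamically linked, so the external layout also
# carries a library (the library name is made up for the example).
make_samples() {
    base=$(mktemp -d) || return 1
    ext=$base/external   # layout for: chroot DIR /usr/sbin/named ...
    int=$base/dash_t     # layout for: named -t DIR ...
    mkdir -p "$ext/usr/sbin" "$ext/usr/lib" "$ext/etc" "$int/etc" "$int/var/run"
    : > "$ext/usr/sbin/named";          chmod 755 "$ext/usr/sbin/named"
    : > "$ext/usr/lib/libexample.so.1"; chmod 444 "$ext/usr/lib/libexample.so.1"
    : > "$ext/etc/named.conf";          chmod 644 "$ext/etc/named.conf"
    : > "$int/etc/named.conf";          chmod 644 "$int/etc/named.conf"
}

# Demo run on the constructed trees.
make_samples && {
    echo "external chroot: $(chroot_inventory "$ext")"
    echo "named -t:        $(chroot_inventory "$int")"
    rm -rf "$base"
}
```

Run `chroot_inventory` against a real jail directory to see what it actually holds; every non-zero count is something to justify or remove.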




More information about the bind-users mailing list