chroot: any security benefits from a full chroot?

Martin Schröder ms at artcom-gmbh.de
Mon Sep 20 11:03:34 UTC 2004


On 2004-09-20 12:54:15 +0200, Javier Sanchez wrote:
> And your colleage has exposed any benefits of running the server in a
> complete environment ??? Im running 3 name server, all under chroot
> environments and theys are working great, why would you want to expose
> your system to any bind9 security bug ???

I don't get you. Are you advocating -t or a full chroot?

> During the chroot setup, i only found problems searching the strace
> output to discover all the libs bind9 needed.

We'll use makejail for this.

Best regards
        Martin
-- 
               Martin Schröder, ms at artcom-gmbh.de
     ArtCom GmbH, Lise-Meitner-Str 5, 28359 Bremen, Germany
          Voice +49 421 20419-44 / Fax +49 421 20419-10
                    http://www.artcom-gmbh.de


More information about the bind-users mailing list