chroot: any security benefits from a full chroot?

Javier Sanchez Llera jsanchez at myalert.com
Mon Sep 20 11:33:28 UTC 2004


What do you mean with full ???? I dont get the difference .. .-O
Im using -t option, on chroot env cread with all the libs needed..

Cheers

?A
> On 2004-09-20 12:54:15 +0200, Javier Sanchez wrote:
> > And your colleage has exposed any benefits of running the server in a
> > complete environment ??? Im running 3 name server, all under chroot
> > environments and theys are working great, why would you want to expose
> > your system to any bind9 security bug ???
> 
> I don't get you. Are you advocating -t or a full chroot?
> 
> > During the chroot setup, i only found problems searching the strace
> > output to discover all the libs bind9 needed.
> 
> We'll use makejail for this.
> 
> Best regards
>         Martin
-- 
--

Javier Sanchez Llera
Administrador de sistemas
Buongiorno - Myalert
jsanchez at myalert.com



-- Attached file included as plaintext by Ecartis --
-- File: signature.asc
-- Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQCVAwUAQU7AB7jHJrPiUdHAAQIFDAP9F5sV6Q4Iio8BwpsS32hCF+spGWlXqKld
j79BNb+Ka2UpZQHD3pfmAaG4tl1T+CXaZtuS54NveAfD2fG3BaiMVWZD+j+F3+X/
knPiFguL+OjbVkZs8gdsF5MHsisccWYyC4+0BUnwbucxMQFLnys5hbkTbaCAanB2
H2RuXJZi+W0=
=rBXP
-----END PGP SIGNATURE-----




More information about the bind-users mailing list