chroot jail question..

Kevin Darcy kcd at daimlerchrysler.com
Tue Aug 16 21:30:59 UTC 2005


blrmaani wrote:

>I was under the impression that UNIX processes started
>as a root process can access ports up to 10XX. 
>
Superuser processes can access all ports.

>When I ran BIND
>in chroot jail 
>
Chroot has no bearing on this.

>( user=named, group=named), the named process can
>still access default port=53 and default control port=953.
>
53 = DNS (Internet protocol)
953 = rndc (proprietary BIND protocol)

>How does this work?
>
It bound to those ports before it dropped its superuser privileges. Note 
that it cannot bind to any *new* address/port combinations, which could 
be a problem if you have interfaces appearing dynamically.

   - Kevin
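An added illustration of the sequence Kevin describes (not code from his reply or from BIND itself): bind the listening socket while still root, then chroot and switch to the unprivileged uid/gid; the old socket keeps working, but any new bind below 1024 is refused with EACCES. The user name "named" and the jail path are assumptions; calling demo(None, 0, 0) keeps the current ids so it can also be run unprivileged.

```python
import os
import pwd
import socket

def bind_listener(host, port):
    # Listening TCP socket; port 0 asks the kernel for any free port.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, port))
    s.listen(5)
    return s

def drop_privileges(user, jail=None):
    # user=None keeps the current ids so the demo also runs unprivileged.
    if user is None:
        uid, gid = os.getuid(), os.getgid()
    else:
        pw = pwd.getpwnam(user)  # e.g. "named" (assumed to exist)
        uid, gid = pw.pw_uid, pw.pw_gid
    if jail:  # chroot needs root, so it must come before setuid
        os.chroot(jail)
        os.chdir("/")
    if os.getuid() == 0:
        os.setgroups([])  # shed supplementary groups too
    os.setgid(gid)  # gid first: after setuid we could no longer change it
    os.setuid(uid)

def try_bind(host, port):
    # 0 if a fresh socket can bind host:port, else the errno (EACCES < 1024).
    try:
        with bind_listener(host, port):
            return 0
    except OSError as e:
        return e.errno

def demo(user, first_port, later_port, jail=None):
    # Bind first_port with current privileges, drop to `user`, then report
    # whether the old socket survived and whether a *new* bind still works.
    listener = bind_listener("127.0.0.1", first_port)
    bound_port = listener.getsockname()[1]
    drop_privileges(user, jail)
    result = {
        "bound_port": bound_port,
        "still_bound_after_drop": listener.getsockname()[1] == bound_port,
        "new_bind_errno": try_bind("127.0.0.1", later_port),
    }
    listener.close()
    return result

if __name__ == "__main__":  # as root, with a "named" user present (assumption)
    print(demo("named", 53, 953))  # new_bind_errno comes back as EACCES (13 on Linux)
```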