bind chrooted, logging and SELinux = suffering

Tue Jun 7 23:30:40 UTC 2005

Jason Vas Dias wrote:

>On Thu, 2005-06-02 at 07:25, Pete Ehlke wrote:
>>In other words, you have not identified any "known security
>>vulnerabilities" in current BIND. As a matter of policy, running
>>networked services inside a chroot, a jail, or a zone is a prudent
>>thing. But please stop using alarmist phrases like "Red Hat ships BIND
>>with maximum security protection enabled, to counter known security
>>vulnerabilities." There are no known security vulnerabilities in modern
>So why is it a "prudent thing" to run BIND in a chroot jail, if there
>are no security reasons for it?

Um, isn't that obvious? Because of the *UNKNOWN* security 
vulnerabilities that may potentially be discovered in the future.

                                                - Kevin

