bind chrooted, logging and SELinux = suffering
kcd at daimlerchrysler.com
Tue Jun 7 23:30:40 UTC 2005
Jason Vas Dias wrote:
>On Thu, 2005-06-02 at 07:25, Pete Ehlke wrote:
>>In other words, you have not identified any "known security
>>vulnerabilities" in current BIND. As a matter of policy, running
>>networked services inside a chroot, a jail, or a zone is a prudent
>>thing. But please stop using alarmist phrases like "Red Hat ships BIND
>>with maximum security protection enabled, to counter known security
>>vulnerabilities." There are no known security vulnerabilities in modern
>So why is it a "prudent thing" to run BIND in a chroot jail, if there
>are no security reasons for it?
Um, isn't that obvious? Because of the *UNKNOWN* security
vulnerabilities that may potentially be discovered in the future.