Number of CPUs detected by Bind 9.4.2 on 4 CPU system running RedHat es 4.
Adam Tkac
atkac at redhat.com
Wed Apr 2 02:57:49 UTC 2008
On Tue, Apr 01, 2008 at 11:20:50AM -0400, Jeff Lightner wrote:
> I'm sorry but doesn't this risk someone getting into your chroot
> environment and changing your SCSI setup or other things which is done
> by echoing things into /proc/scsi/...? If it's really required should
> it be a read only mount? The whole point of chroot is to limit what
> can be accessed if the chroot environment is compromised. Giving direct
> access to something like /proc seems counterintuitive to me.
>
> I feel I'm missing something important here.
>
You're right. It should be mounted read-only. But if named runs under
a non-root user it is not needed because only root can change /proc
values (but as you wrote, read-only is more secure).
Adam
--
Adam Tkac, Red Hat, Inc.
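
A check for the point made in this thread, as an added example that is not part of the original messages: it scans a mount table in /proc/mounts format and reports procfs mounts inside a chroot that are not read-only. The chroot path /var/named/chroot, the function names and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for procfs mounted inside a chroot.
# Input lines use the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# proc_mounts_in_chroot MOUNTS_FILE CHROOT_DIR
# Prints "<mountpoint> <ro|rw>" for each procfs mount at or below CHROOT_DIR.
proc_mounts_in_chroot() {
    mounts_file=$1
    chroot_dir=${2%/}    # drop a trailing slash so prefix matching is exact
    awk -v root="$chroot_dir" '
        # Require a "/" after the prefix so /x/chroot-old is not mistaken
        # for a directory inside /x/chroot.
        $3 == "proc" && ($2 == root || index($2, root "/") == 1) {
            state = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
            print $2, state
        }' "$mounts_file"
}

# writable_proc_in_chroot MOUNTS_FILE CHROOT_DIR
# Prints each writable procfs mountpoint inside CHROOT_DIR and exits 0
# if there is at least one; exits 1 when every such mount is read-only.
writable_proc_in_chroot() {
    proc_mounts_in_chroot "$1" "$2" |
        awk '$2 == "rw" { print $1; found = 1 } END { exit !found }'
}

# sample_mounts: constructed mount table (assumed paths, not from a real host).
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 / ext3 rw 0 0
proc /var/named/chroot/proc proc rw 0 0
proc /var/named/chroot-old/proc proc rw 0 0
proc /srv/other/chroot/proc proc ro,nosuid 0 0
EOF
}

# Demo run on the constructed sample.
demo_file=$(mktemp)
sample_mounts > "$demo_file"
if writable_proc_in_chroot "$demo_file" /var/named/chroot >/dev/null; then
    echo "writable procfs inside /var/named/chroot"
fi
rm -f "$demo_file"
```

On a live host the first argument would be /proc/mounts itself.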