Re: bind9 in a chroot ?

From: Moti (moti@flncs.com)
Date: 04/25/02


From: "Moti" <moti@flncs.com>
To: "SecLists" <lists@secure.stargate.net>, <freebsd-security@freebsd.org>
Date: Thu, 25 Apr 2002 14:20:09 -0400


----- Original Message -----
From: "SecLists" <lists@secure.stargate.net>
To: "Mike Roest" <bsd-lists@blahz.ab.ca>
Cc: "'Moti'" <moti@flncs.com>; <freebsd-security@freebsd.org>
Sent: Thursday, April 25, 2002 2:09 PM
Subject: RE: bind9 in a chroot ?

> You can use lsof to view all open files used by named... if you do that
> you will see that it is not actually chrooted at all... using the same
> option with bind9 built from source on OpenBSD, and chrooted into
> /var/named by the -t option:
>
> (root@doberman) ~ # lsof | grep named
> named 18211 named cwd VDIR 0,20 512 1140352 /var
> (/dev/wd1e)
> named 18211 named rtd VDIR 0,20 512 1140352 /var
> (/dev/wd1e)
> named 18211 named txt VREG 0,19 5892042 719229 /usr
> (/dev/wd1d)
> named 18211 named txt VREG 0,19 61440 1374538
> /usr/libexec/ld.so
> named 18211 named txt VREG 0,20 6429 1163022
> /var/run/ld.so.hints
> named 18211 named txt VREG 0,19 594040 1669247
> /usr/lib/libc.so.26.2
>
> You can see that the process is actually accessing files in /usr and
> /var that are outside of the chroot jail...
>
I did not get this part ->
-----------------------------------------------------------------
> To do it better than this:
> http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO-1.html
------------------------------------------------------------------
What do you mean to do this better than this ?
Do you have a better way or is this the better way ?

>
> thanks,
> shawn
>
> On Thu, 2002-04-25 at 13:43, Mike Roest wrote:
> > Yep it is running in the chroot. The -t /etc/chroot shows that. I
> > think that's the only real way to tell
> >
> > --Mike
> >
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti
> > Sent: Thursday, April 25, 2002 9:55 AM
> > To: freebsd-security@freebsd.org
> > Subject: bind9 in a chroot ?
> >
> >
> > O.k.
> > I followed the instructions and I'm quite sure I have it all right (DNS
> > working and all).
> > Question is: how do I verify that my bind is really running chrooted ?
> > will ps -auxw |grep named output -> bind 170 0.0 2.1 3228 2604 ??
> > Ss
> > 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c
> > /etc/namedb/named.conf -t
> > /etc/chroot
> > be enough ?
> > Moti
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message

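The lsof check described in the quoted reply, as an added shell example that is not part of the thread. The lsof listing is constructed from the OpenBSD output quoted above (wrapped lines rejoined), and the script assumes lsof's default columns, so FD is field 4 and NAME starts at field 9. It decides on the `rtd` (root directory) entry and lists non-`txt` paths outside the expected root, because the binary and the libraries ld.so mapped before named calls chroot(2) are expected to show pre-chroot paths.

```shell
#!/bin/sh
# Verify a daemon's chroot from "lsof -p PID" output (default lsof columns:
# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME).
# FD "rtd" is the root directory the kernel holds for the process; for a
# process started with "named -t /var/named" it should read /var/named.

# Constructed sample: the OpenBSD listing quoted in the thread, with the
# lines that were wrapped in the mail rejoined.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 18211 named cwd VDIR 0,20 512 1140352 /var (/dev/wd1e)
named 18211 named rtd VDIR 0,20 512 1140352 /var (/dev/wd1e)
named 18211 named txt VREG 0,19 5892042 719229 /usr (/dev/wd1d)
named 18211 named txt VREG 0,19 61440 1374538 /usr/libexec/ld.so
named 18211 named txt VREG 0,20 6429 1163022 /var/run/ld.so.hints
named 18211 named txt VREG 0,19 594040 1669247 /usr/lib/libc.so.26.2'

# lsof_rtd "<lsof output>": print the root directory lsof reports.
lsof_rtd() {
    printf '%s\n' "$1" | awk '$4 == "rtd" { print $9; exit }'
}

# lsof_outside "<lsof output>" /expected/root: print "FD PATH" for every
# entry whose path is not at or below the expected root. "txt" entries are
# skipped: the executable and the libraries ld.so mapped before the daemon
# called chroot(2) keep their pre-chroot paths and are not a leak.
lsof_outside() {
    printf '%s\n' "$1" | awk -v root="$2" '
        BEGIN { prefix = (root == "/") ? "/" : root "/" }
        NR == 1 || $4 == "rtd" || $4 == "txt" { next }
        $9 != root && index($9, prefix) != 1 { print $4, $9 }'
}

# check_chroot "<lsof output>" /expected/root: "chrooted" only when rtd
# matches the expected root and no other descriptor points outside it.
check_chroot() {
    rtd=$(lsof_rtd "$1")
    if [ "$rtd" = "$2" ] && [ -z "$(lsof_outside "$1" "$2")" ]; then
        echo "chrooted"
    else
        echo "not chrooted (rtd=${rtd:-?})"
    fi
}

# With the quoted listing the root directory is /var, not /var/named.
check_chroot "$SAMPLE_LSOF" /var/named    # prints: not chrooted (rtd=/var)
lsof_outside "$SAMPLE_LSOF" /var/named    # prints: cwd /var
```

Run it against live output with `check_chroot "$(lsof -p "$(pgrep -x named)")" /var/named`; a process that never called chroot(2) reports `rtd=/`.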


