Re: chroot and BIND

From: Heather Flanagan (hlf00@earthlink.net)
Date: 10/18/01


Message-ID: <20011018201142.17217.qmail@earthlink.net>
From: "Heather Flanagan" <hlf00@earthlink.net>
To: focus-sun@securityfocus.com
Date: Thu, 18 Oct 2001 16:11:42 -0400
Subject: Re: chroot and BIND


> I had this happen to me a few months ago. What was happening was the
> chroot jail was not completely configured with respect to local time. When
> this happens, the chroot'd version of bind uses GMT time instead of local
> time which looks really strange in syslog. In my case the chroot'd
> /etc/TIMEZONE file was correct, but I discovered that the chroot jail
> version of /usr/share/lib/zoneinfo directory was empty. I copied the
> contents of /usr/share/lib/zoneinfo to the chroot jail version of
> /usr/share/lib/zoneinfo directory and the time stamps were written
> correctly.
>

Sure enough, that fixed it - many many thanks! The server itself is out in California, I'm on the other side of the country, in North Carolina.

Would there be any security ramifications to having a copy of the entire /usr/share/lib/zoneinfo in the chroot jail? I'm honestly not sure which one(s) I'd need to keep.

-heather f.

--