Re: chroot and BIND
From: Devin L. Ganger (devin@thecabal.org)
Date: 10/26/01
Date: Fri, 26 Oct 2001 05:15:19 -0700
From: "Devin L. Ganger" <devin@thecabal.org>
To: focus-sun@securityfocus.com
Subject: Re: chroot and BIND
Message-ID: <20011026051519.A2329@thecabal.org>
On Tue, Oct 23, 2001 at 05:45:42PM -0700, Joseph Tam wrote:
> 5) Is there a reason to prefer one method over another? If not, method 1
> is by far the easiest and the one I would implement, all other things being
> equal.
Also, why not just use a read-only lofs mount as your jail, with a writeable
filesystem mounted at the jail's /var/named (or wherever) to handle the
files named expects to write?
Combined with a nice configuration to run named as a non-root user on a
high port, and something like http://www.taronga.com/plugdaemon/ to
provide the access to port 53, and it seems you'd have a nice, simple,
easy-to-maintain (well, as easy to maintain as BIND gets) named setup.
--
Devin L. Ganger <devin@thecabal.org>
A man, a miss, a car -- a curve,
He kissed the miss and missed the curve -- Burma Shave (1948)
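One way to audit the layout described in the message above, as an added example that is not part of the original post: it checks a Solaris-style mount table for a read-only lofs jail with a writable filesystem at its /var/named, and a named command line for a non-root user and an unprivileged port. The paths, device name, sample table and function names are assumptions; `-u`, `-t`, `-p` and `-c` are named's own options.

```shell
#!/bin/sh
# Added example. Paths, device names and the sample mount table are constructed.
AWK=${AWK:-awk}   # on Solaris point this at nawk or /usr/xpg4/bin/awk
# audit_jail JAIL SUBDIR < mount-table
# Input uses the /etc/mnttab layout: special, mount point, fstype, options, time.
# Prints one FAIL line per problem and returns 0 only when there are none.
audit_jail() {
    "$AWK" -v jail="$1" -v wr="$1/$2" '
        function fail(msg) { print "FAIL: " msg; bad = 1 }
        function has(opts, flag) { return index("," opts ",", "," flag ",") > 0 }
        $2 == jail {
            seen_jail = 1
            if ($3 != "lofs")   fail(jail " is " $3 ", not lofs")
            if (!has($4, "ro")) fail(jail " is not mounted read-only")
            next
        }
        $2 == wr {
            seen_wr = 1
            if (has($4, "ro")) fail(wr " is read-only, named cannot write to it")
            next
        }
        # Assumption: nothing else inside the jail should be writable.
        index($2, jail "/") == 1 && !has($4, "ro") { fail("extra writable mount " $2) }
        END {
            if (!seen_jail) fail("nothing mounted at " jail)
            if (!seen_wr)   fail("no separate filesystem at " wr)
            exit (bad ? 1 : 0)
        }'
}
# audit_named_args ARGS...: named must drop root (-u) and use a port above 1023 (-p).
audit_named_args() {
    user=root port=53 rc=0 OPTIND=1
    while getopts ":u:p:t:c:" o "$@"; do
        case $o in u) user=$OPTARG ;; p) port=$OPTARG ;; esac
    done
    { [ "$user" != root ] && [ "$user" != 0 ]; } || { echo "FAIL: named runs as root"; rc=1; }
    [ "$port" -gt 1023 ] 2>/dev/null || { echo "FAIL: port $port needs root to bind"; rc=1; }
    return $rc
}
# Constructed sample: read-only lofs jail plus a writable ufs slice for zone data.
sample_mnttab() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        /export/named-root /jail/named lofs ro 1004098519 \
        /dev/dsk/c0t0d0s7 /jail/named/var/named ufs rw,logging 1004098519
}
sample_mnttab | audit_jail /jail/named var/named && echo "jail mounts OK"
```

On a live host the mount table would come from `/etc/mnttab` instead of `sample_mnttab`.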