Running anything chrooted as root is pointless. root can break out of a chroot
in <1 second. Kriminy, securityportal has 3+ articles on securing bind, I
suggest you look at them.
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
----- Original Message -----
From: "Björn Engels"
To:
Sent: Saturday, March 10, 2001 10:38 AM
Subject: [suse-security] compartment and bind8
Hi !
I am running the latest bind8 rpm package from SuSE and I
want to put it into a chrooted environment with Marc's
"compartment". I am wondering if it is safer if I run bind
as user root, but chrooted, or if I run it normally, but as
user named. Removing the caps option and adding --user named
--group named does not work, because the server isn't allowed
to bind to ports < 1024.
So what to do ?
Björn
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com