chrooting bind9

To: debian-security@lists.debian.org
Subject: chrooting bind9
From: Stefano Salvi <s.salvi@libero.it>
Date: Fri, 03 Jan 2003 18:19:53 +0100
Message-id: <[🔎] 5.1.0.14.0.20030103181322.028de880@popmail.libero.it>

I'm setting up my new server, based on Debian Woody.
I'm setting bind9 in a chroot jail.
There are two chances to do this:
1) using parameter --chroot of 'start-stop-daemon'
2) using parameter -t of bind

In both ways I have to use -u parameter of bind to change user, otherwiseit can't get privileged resources as the 'domain' socket.

Is there a difference in security with one method resspect to the other?
(I used makejail from testing to build up the structure of the jail).
Thank you in advance
        Stefano Salvi

=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=
                        _|_
                     ----O----
Ing. Stefano Salvi           mailto:s.salvi@libero.it
Viale L. Vaschi, 15    mailto:stefano.salvi@inwind.it
46100 Mantova (MN)            mailto:salvi@itis.mn.it
+39 0376 321572      http://digilander.iol.it/salvis/
+39 0347 3820490        http://www.salvi.mn.it/stefano/

Reply to:

Follow-Ups:
- Re: chrooting bind9
  - From: Mark Ferlatte <ferlatte@cryptio.net>

Prev by Date: Putting Apache, PHP, Tomcat and CGI in a jail
Next by Date: Re: Putting Apache, PHP, Tomcat and CGI in a jail
Previous by thread: Re: Putting Apache, PHP, Tomcat and CGI in a jail
Next by thread: Re: chrooting bind9
Index(es):
- Date
- Thread