[Dshield] Re: chroot BIND

Tom Liston tliston at premmag.com
Thu Nov 14 21:10:16 GMT 2002


That's what Johannes described (see the "named" command at the end of 
the description).  But in order to do that, you need to create the 
correct directory structure and move the files from the "real" 
directories into the chrooted directory structure.  Most of the stuff 
in Johannes' description surrounded doing that.

One other thing on top of what Johannes said:  In order to get 
logging working correctly, you might have to use the 

-a /path/to/alternate/dev/directory

parameter with syslogd.

-TL

On 14 Nov 2002 at 12:04, Pat Evans wrote:

>   Pardon me for rising from my usual lurk mode.
> 
>   Thanks for all the useful info BTW
> 
>   Doesn't BIND allow you to jail the app on its own?
> 
>   I start it up with the options named -u 'username_to_run_as' -t 
> /directory/to/jail.
> 
>   Is there some vulnerability I should be aware of with this setup?
> 
>   thanks in advance
> 
>   Pat Evans
> 
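
Added example, not part of either message: a shell check to run before `named -u USER -t JAIL`, covering the two points raised in the thread (the files have to exist inside the jail, and syslogd needs an extra socket there). The layout it checks (etc/named.conf, dev/null, dev/log) and the path and account name in the usage line are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: audit a BIND chroot jail before running named -u USER -t JAIL.
# Assumed layout (not from the thread): etc/named.conf, dev/null, dev/log.

# check_jail JAIL USER: prints one FAIL line per problem, returns the count.
check_jail() {
    jail=$1 user=$2 problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    [ -d "$jail" ] || { fail "$jail is not a directory"; return 1; }

    # With -t, named reads its configuration after chroot(), so the file
    # must exist inside the jail, not only in the real /etc.
    [ -f "$jail/etc/named.conf" ] || fail "missing $jail/etc/named.conf"

    # Device node the daemon expects to find under the new root.
    [ -c "$jail/dev/null" ] || fail "$jail/dev/null is not a character device"

    # The real /dev/log is unreachable from inside the jail; syslogd has to
    # listen on an additional socket there (its -a option).
    [ -S "$jail/dev/log" ] || fail "$jail/dev/log is not a socket (syslogd -a missing?)"

    # A compromised named must not be able to rewrite its own jail or config.
    for d in "$jail" "$jail/etc"; do
        [ -d "$d" ] || continue
        if [ -n "$(find "$d" -prune -perm -0002 2>/dev/null)" ]; then
            fail "$d is world-writable"
        fi
        if [ -n "$(find "$d" -prune -user "$user" 2>/dev/null)" ]; then
            fail "$d is owned by $user"
        fi
    done
    return "$problems"
}

# Usage: sh check_jail.sh /chroot/named named   (both values are examples)
if [ "$#" -ge 2 ]; then
    check_jail "$1" "$2" && echo "jail looks complete"
fi
```
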




