[Dshield] bind chroot 'script'

Patrick Oonk patrick.oonk at pine.nl
Fri Nov 15 08:45:52 GMT 2002

On Thu, Nov 14, 2002 at 09:32:29AM -0500, Johannes Ullrich wrote:
> ok. here a little script to run 'named' in a chroot jail. I keep
> this around for RedHat 7.3 machines, but it should work more or
> less on most Linux machines.
> cd ../lib
> cp /lib/ld-linux.so.2 .
> cp /lib/libc.so.6 .
> ( the exact libraries you need may varie. For a complete list, run
>   'ldd /usr/sbin/named'. Some libraries may need to go into usr/lib,
>    not lib )

If you compile Bind statically you don't need to place the libraries 
in lib. This is done by going into the directory
/src/port/<your-os> of Bind and editing the file Makefile.set. 

Add -static to the CDEBUG variable:
CDEBUG= -O2 -static 

Then (re)compile Bind.

 Patrick Oonk    -   Pine Digital Security    -   patrick.oonk at pine.nl
 T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl 
 PGPid A4E74BBF  fp A7CF 7611 E8C4 7B79 CA36  0BFD 2CB4 7283 A4E7 4BBF
 Excuse of the day: Vendor no longer supports the product

More information about the list mailing list