[Dshield] bind chroot 'script'
patrick.oonk at pine.nl
Fri Nov 15 08:45:52 GMT 2002
On Thu, Nov 14, 2002 at 09:32:29AM -0500, Johannes Ullrich wrote:
> ok. here a little script to run 'named' in a chroot jail. I keep
> this around for RedHat 7.3 machines, but it should work more or
> less on most Linux machines.
> cd ../lib
> cp /lib/ld-linux.so.2 .
> cp /lib/libc.so.6 .
> ( the exact libraries you need may varie. For a complete list, run
> 'ldd /usr/sbin/named'. Some libraries may need to go into usr/lib,
> not lib )
If you compile Bind statically you don't need to place the libraries
in lib. This is done by going into the directory
/src/port/<your-os> of Bind and editing the file Makefile.set.
Add -static to the CDEBUG variable:
CDEBUG= -O2 -static
Then (re)compile Bind.
Patrick Oonk - Pine Digital Security - patrick.oonk at pine.nl
T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl
PGPid A4E74BBF fp A7CF 7611 E8C4 7B79 CA36 0BFD 2CB4 7283 A4E7 4BBF
Excuse of the day: Vendor no longer supports the product
More information about the list