Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> writes:

> On Tue, Jan 15, 2002 at 10:21:00AM +0100, Tarjei wrote:
>> >I recall there being discussion a while back about packaging chroot
>> >bind. I don't know whether or not anything came of it at all. There is
>> >
>> Debian being what it is, are there any reasons why the debian bind
>> package should not be chroot as the default installation?
>
> RTFM. That is:
> http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind
>
> :)

| Regarding limiting BIND's privileges you must be aware that if a
| non-root user runs BIND, then BIND cannot detect new interfaces
| automatically. For example, if you stick a PCMCIA card into your laptop.

Like anyone would really want to run bind automatically on all transient
interfaces... It's a *service*, to be run on *serv-ers*! If you want a named
listening on such an interface, the due pain is deserved, IMHO.

(I've been meaning to get that off my chest for a few months :8)

The above URL links to a bug,
<http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=50013>, which
seems to imply that chroot()ed behaviour will be expected ere long. Have I
missed it, or shall I carry on hoping? :)

[snip]

~Tim
--
<http://spodzone.org.uk/>