On Mon, 13 Sep 2004 05:42:55 +0200, Olav <[EMAIL PROTECTED]> wrote:
> Do most people who run bind or bind9 on Debian, recompile the program to
> run in a chroot environment ("jail")? Or perhaps, should this not be
> necessary in Sarge because it has other defenses in place?There's no need to recompile debian's bind package to execute bind inside a chroot'd jail. However, I'm not sure if the default Bind install in Sarge runs bind chroot'ed, although they've already built the necessary facilities to run it chrooted (seen it in my Woody servers). > Running bind this way is a recommendation that you can often read about. > I also wonder what the *real* dangers would be from exposing bind to the > outside world. What bad things can happen, and could bind in fact be a > starting point for someone to break into a system? I have not seen too > much real world information about this so far (I could have looked in > the wrong places of course...) As we already know, binding applications to use the privileged ports (ports lower than 1024) would need root privileges (normally that is). Now, assuming that you've got bind running as root, a remotely-exploitable bug in bind can be used as a mechanism to gain entry to the system. And since bind would run as root - hello you're already 0wned! :D Now should bind run in a chroot'd environment, an entry using a remote exploit in bind would be contained inside the confines of the chroot jail. In theory damage can be compartmentalized to the directory hosting the jail. Of course if your machine does get compromised its wise to just reformat the entire system than waste time in ascertaining trustworthiness of some binaries you'd be using for 'unrooting' the machine -- Paolo Alexis Falcone [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
