On Wednesday 02 September 2009 12:09:17 pm Doug Barton wrote: > FLEURIOT Damien wrote: > > > BIND's now happily running in its jail and responding to public > > queries. > > It's up to you if you choose to do it, but there is no reason to run > BIND in a jail. The chroot feature provided by default by rc.d/named > is quite adequate security.
That is debatable. One of the chief benefits of a jail is that if a server is compromised so that an attacker can gain root access that root access is limited in what it can do compared to a simple chroot. That is true for any server you would run under a jail, not just BIND. -- John Baldwin _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
