Gordon Tetlow <[EMAIL PROTECTED]> writes:
> Correct me if I'm wrong, but this is only a sandbox (run as a different
> user) while this person wants to set up a true chroot environment.
> Personally, I think that the former is adequate as nothing else on the box
> is owned by the bind user.

Are you absolutely certain your box doesn't have a local root
vulnerability? For instance, are you running a recent -STABLE (which
is believed to be secure), or are you running e.g. 4.1.1-RELEASE
(which has an exploitable buffer overflow in the procfs code)? Run
BIND in a jail, or a chroot if you can't set up a jail.

DES
-- 
Dag-Erling Smorgrav - [EMAIL PROTECTED]

