named and /proc
Matthew Saltzman
mjs at ces.clemson.edu
Sun Oct 9 00:48:11 UTC 2005
On Sun, 9 Oct 2005, Tim wrote:
> On Sat, 2005-10-08 at 09:07 -0500, akonstam at trinity.edu wrote:
>
>> 2. A link that can only be followed by root between /etc/named.conf
>> and /var/named/chroot/etc/named.conf
>
> Nothing other than root and named ought to be able to read named's
> files. Again, because of the chrooted named environment, named can't
> read /etc. Named has its configuration file in its chrooted
> environment, instead (/var/named/chroot/etc) and there's a link pointing
> to it from /etc/ for anything else (such as us) that would like to
> use /etc/named.conf.
>
> I'm not overly convinced of the worth of chrooting named. While it may
> stop some fault in named from exploiting the system, that won't stop some
> other fault from being able to change named's files. Are we going to
> chroot everything??
No, we're going to use SELinux instead.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
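A defender-side check for the layout Tim describes (the /etc/named.conf symlink into the chroot, readable only by root and named), added here as an example and not code from the thread. It assumes GNU coreutils (readlink -f, stat -c) and takes the link and chroot paths as arguments so it can also run against a constructed fixture.

```shell
#!/bin/sh
# Added check, not from the thread: confirms that LINK is a symlink whose
# target lives inside CHROOT/etc and that neither the config file nor its
# directory grants any permission to "other". Assumes GNU coreutils.

# Succeeds when the given path has no read/write/execute bits for "other".
no_other_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ "$other" = 0 ]
}

# check_named_conf LINK CHROOT
check_named_conf() {
    link=$1
    chroot=$(readlink -f "$2") || return 1
    [ -L "$link" ] || { echo "$link is not a symlink" >&2; return 1; }
    target=$(readlink -f "$link") || return 1
    case "$target" in
        "$chroot"/etc/*) ;;
        *) echo "$link resolves outside $chroot/etc: $target" >&2; return 1 ;;
    esac
    [ -f "$target" ] || { echo "$target is not a regular file" >&2; return 1; }
    no_other_bits "$chroot/etc" ||
        { echo "$chroot/etc is traversable by others" >&2; return 1; }
    no_other_bits "$target" ||
        { echo "$target is readable by others" >&2; return 1; }
    echo "ok: $link -> $target"
}

# Usage on a real host: sh check_named_conf.sh /etc/named.conf /var/named/chroot
if [ "$#" -eq 2 ]; then
    check_named_conf "$1" "$2"
fi
```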