Where can I find the BIND folder?

Paul Howarth paul at city-fan.org
Fri Jan 13 14:21:49 UTC 2006


Chasecreek Systemhouse wrote:
> On 1/13/06, Paul Howarth <paul at city-fan.org> wrote:
> 
>>Chasecreek Systemhouse wrote:
>>
>>>On 1/13/06, Justin Willmert <justin at jdjlab.com> wrote:
>>>
>>>
>>>
>>>>/var/named/chroot/etc/named.conf (config file)
>>>>/var/named/chroot/var/named/      (zone files dir)
>>>
>>>
>>>It should not be chrooted if SELinux is enabled.
>>
>>Whyever not?
>>
>>
>>>And SELinux is more secure than a chrooted name server.
>>
>>And chrooted+SELinux is more secure still. Layers of defence and all that.
> 
> 
> LOL  =)
> 
> In case no one read the named man page -- improperly set-up named
> servers running as root can break out of chroot jail.

True, but the default configuration in Fedora is to run as user "named" 
rather than user "root", so people would have to go out of their way to 
make their setup insecure in this way.

Paul.
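
The two properties discussed in this thread, which user named runs as and whether it is chrooted, can both be read from a process's /proc entry on Linux. The script below is an added example, not part of the original message; `audit_named_proc` and `make_sample` are hypothetical names, and the UID 25 sample data is constructed so the script runs offline.

```shell
#!/bin/sh
# Classify a process from its /proc/<pid> directory.
# On a live Linux host, run as root so the "root" link is readable:
#   audit_named_proc "/proc/<pid of named>"

audit_named_proc() {
    procdir=$1
    # The "Uid:" line holds the real, effective, saved-set and filesystem UIDs.
    uids=$(awk '/^Uid:/ {print $2, $3, $4, $5}' "$procdir/status") || return 2
    [ -n "$uids" ] || return 2

    priv=nonroot
    for uid in $uids; do
        # Any of the four being 0 means root is held or can be regained.
        if [ "$uid" -eq 0 ]; then priv=root; fi
    done

    # /proc/<pid>/root is a symlink to the process's root directory.
    rootdir=$(readlink "$procdir/root") || return 2
    if [ "$rootdir" = "/" ]; then jail=unchrooted; else jail=chrooted; fi

    # "root-chrooted" is the weak case raised in the thread: a jail that
    # a root-owned process is able to leave.
    echo "$priv-$jail"
}

# Constructed stand-in for /proc/<pid> (sample values, not real output).
make_sample() {  # make_sample DIR "UID-FIELDS" ROOT-TARGET
    mkdir -p "$1"
    printf 'Name:\tnamed\nUid:\t%s\n' "$2" > "$1/status"
    ln -s "$3" "$1/root"
}

tmp=$(mktemp -d)
make_sample "$tmp/default" "25 25 25 25" /var/named/chroot
make_sample "$tmp/asroot"  "0 0 0 0"     /var/named/chroot
echo "default: $(audit_named_proc "$tmp/default")"
echo "asroot:  $(audit_named_proc "$tmp/asroot")"
rm -rf "$tmp"
```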



