bind and fc6
Stuart Sears
stuart at sjsears.com
Fri Feb 2 14:51:17 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim wrote:
> The idea is that if someone manages to exploit BIND, it can't mess up
> the rest of your system, as it's locked in a jail. It's not about
> protecting BIND from something else.
>
> NB: It's not 100% locked up, people do find ways to break out of chroot
> jails.
True but AFAIK you need root privileges to do this and named drops these as
soon as it is chrooted.
The other thing protecting bind by default on FC6 is the SELinux policy.
even if an attacker managed to exploit named and break out of the chroot
this will constrain what he/she is able to do.
regards
Stuart
- --
Stuart Sears RHCA RHCSS RHCX PEBKAC STFU
"Quit worrying about your health. It'll go away."
- - Robert Orben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFFw0/lamPtx1brPQ4RAuUPAJsEibCiu+o1v7GMsgTaUyhCBTCv5ACfXpPX
5tNYCjDNp+8NjpCbuIYRfNo=
=zMTn
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list