BIND: limiting recursion just might make things harder for spammers

Marc MERLIN marc_news at merlins.org
Sun Nov 24 22:40:36 PST 2002


On Mon, Nov 18, 2002 at 09:37:24AM -0800, Mark Allen wrote:
> On Sun, Nov 17, 2002 at 08:24:01PM -0800, Rick Moen wrote:
> > the OpenBSD variant of BIND4 has been doing a damned good job 
> > at plugging the incessant holes in that codebase (and runs it chrooted).
> 
> Generally true and chrooting is good, especially for BIND 4. :)

If memory serves, BIND 4 runs as root.
As a result, the chroot is mostly useless unless you run grsecurity and
you have configured it accordingly.
For that matter, I remember a BIND exploit that would escape a chroot
jail before doing anything else.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking 
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key
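
The point made in the message above, turned into an audit check (an added example, not part of the original post or of BIND): on a Linux host it classifies a process as chrooted while still holding effective uid 0. Checking CAP_SYS_CHROOT as well goes beyond what the post mentions; the sample status text and the /var/named path are constructed for illustration.

```python
import os
import re

CAP_SYS_CHROOT = 18  # bit number of CAP_SYS_CHROOT in linux/capability.h

def assess(status_text, root_link):
    """Classify a process from /proc/<pid>/status text and its /proc/<pid>/root target."""
    euid = int(re.search(r"^Uid:\s+\d+\s+(\d+)", status_text, re.M).group(1))
    cap_eff = int(re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M).group(1), 16)
    if root_link == "/":
        return "not-chrooted"
    if euid == 0 or (cap_eff >> CAP_SYS_CHROOT) & 1:
        return "chrooted-but-privileged"  # the jail is not a security boundary
    return "chrooted-unprivileged"

def scan(proc="/proc"):
    """Audit every process visible under proc; returns {pid: verdict}."""
    findings = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "status")) as fh:
                status = fh.read()
            root = os.readlink(os.path.join(proc, pid, "root"))
        except OSError:
            continue  # process exited, or we are not permitted to inspect it
        findings[int(pid)] = assess(status, root)
    return findings

# Constructed samples (not captured from a real host).
ROOT_IN_JAIL = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
DROPPED = "Name:\tnamed\nUid:\t53\t53\t53\t53\nCapEff:\t0000000000000400\n"
KEPT_CAP = "Name:\tnamed\nUid:\t53\t53\t53\t53\nCapEff:\t0000000000040000\n"

if __name__ == "__main__":
    for label, status, root in [("root in jail", ROOT_IN_JAIL, "/var/named"),
                                ("uid dropped", DROPPED, "/var/named"),
                                ("kept CAP_SYS_CHROOT", KEPT_CAP, "/var/named"),
                                ("no jail", DROPPED, "/")]:
        print(f"{label:20} {assess(status, root)}")
```

Run scan() as root on the host itself to cover every process; the root link is resolved relative to the auditor's own root directory.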