On 07/11/2011 05:08, Ilya Bakulin wrote:
> chroot constrains only the filesystem namespace, but doesn't prevent a process
> from sending/receiving data via the network,
... which is kind of important for DNS software. :)
> or from accessing other global
> namespaces such as PID namespace, SHM namespace, and from executing any
> system calls.
Fair enough, although I'd love to see an actual threat analysis before I
concluded that BIND should be close to the top of the list.
Thanks for the response,
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers