> That's a nice try, but the example is a C program that is calling the
> chroot() system call, not the binary in /usr/sbin.
rainboooows! ;)
so, how do you protect a machine at all then? are we just fooling
ourselves that a chroot()ed bind is any safer ??
i gather the best security we get is something that chroot()s, drops
it's privelages and then doesn't give up a root shell when exploited...
later
marty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
