Martin wrote:
>
> > ... and here I was expecting you to say "but how do you compile a C
> > program in a chrooted environment", and I was going to say "well okay,
> > you do have a point, so the end result would be the same chicken/egg
> > problem with one needing a binary to get out of the chroot", which
> > either Terry, Crossfire or Angus would rebuke further... etc, etc.
>
> well, what is stopping that same program compiled on a similar box being
> downloaded and run from within the chroot environment...
>
> so, you then remove all means of transferring files from within the
> chroot environment...
Is it possible to do this?
For instance, if we are running bind in a chroot jail,
is it plausible for a hacker to exploit some buffer overflow problem to
transmit and execute a binary file to break out of the chroot jail?
> where do you stop??? ...my head hurts!
>
> > I'd imagine that a chrooted bind that isn't running as root would be
> > safer.
> ^^^^^
>
> emphasis on the "safer" which != "safe"...
>
> on the subject of bind, has anyone researched the alternatives to bind?
> anyone used djbdns?
What about bind 9.1? (http://www.isc.org/products/BIND/bind9.html)
It claims to be a complete rewrite. Is anyone using it?
Regards,
Sonam
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug