On Mon, 07 Jul 2008, Andreas Hasenack wrote: > Any particular reason why ubuntu ships postfix chrooted by default, but > not bind? The security history of these two differs significantly. > IIRC, chrooted bind breaks various configurations. This was identified as a significant issue and as of hardy, bind9 comes with an enforcing apparmor profile by default, which effectivly protects bind9 in much the same way a chroot would.
Jamie -- Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
signature.asc
Description: Digital signature
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
