Making Bind9 chroot by default
ml at kenweb.org
ml at kenweb.org
Tue Mar 13 04:37:47 GMT 2007
Ladies and Gentlemen,
After doing a recent installation of Bind9 and subsequently chrooting it, I had an idea.
Could the Bind9 package be chrooted by default?
Rationale:
1) Security - I think we could all agree any process that is chrooted increases security.
2) Convenient - Compared to chrooting Apache for example, all of the files are mostly in
one directory and don't need to be accessed by users (e.g. chrooted
Apache in /var/www/ and public_html directories in ~)
3) Ease - After choosing a directory chroot to all that is needed is a few extra
device nodes and a small changes to a few configuration files.
Does anyone have any thoughts on this?
-Andrew
More information about the Ubuntu-motu
mailing list