Making Bind9 chroot by default

ml at ml at
Tue Mar 13 04:37:47 GMT 2007

Ladies and Gentlemen,

After doing a recent installation of Bind9 and subsequently chrooting it, I had an idea.
Could the Bind9 package be chrooted by default?


1) Security - 	I think we could all agree any process that is chrooted increases security.
2) Convenient - Compared to chrooting Apache for example, all of the files are mostly in 
		one directory and don't need to be accessed by users (e.g. chrooted 
		Apache in /var/www/ and public_html directories in ~)
3) Ease - 	After choosing a directory chroot to all that is needed is a few extra 
		device nodes and a small changes to a few configuration files.

Does anyone have any thoughts on this?


More information about the Ubuntu-motu mailing list