postfix chrooted, bind not
Jamie Strandboge
jamie at canonical.com
Thu Jul 10 09:52:07 UTC 2008
On Mon, 07 Jul 2008, Andreas Hasenack wrote:
> Any particular reason why ubuntu ships postfix chrooted by default, but
> not bind? The security history of these two differs significantly.
>
IIRC, chrooted bind breaks various configurations. This was identified as
a significant issue and as of hardy, bind9 comes with an enforcing apparmor
profile by default, which effectivly protects bind9 in much the same way
a chroot would.
Jamie
--
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080710/bd0e960c/attachment.pgp>
More information about the ubuntu-server
mailing list