Re: bind and fc6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim wrote:
> The idea is that if someone manages to exploit BIND, it can't mess up
> the rest of your system, as it's locked in a jail.  It's not about
> protecting BIND from something else.
> 
> NB:  It's not 100% locked up, people do find ways to break out of chroot
> jails.

True but AFAIK you need root privileges to do this and named drops these as
soon as it is chrooted.

The other thing protecting bind by default on FC6 is the SELinux policy.
even if an attacker managed to exploit named and break out of the chroot
this will constrain what he/she is able to do.

regards

Stuart
- --
Stuart Sears RHCA RHCSS RHCX PEBKAC STFU
"Quit worrying about your health. It'll go away."
- - Robert Orben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFw0/lamPtx1brPQ4RAuUPAJsEibCiu+o1v7GMsgTaUyhCBTCv5ACfXpPX
5tNYCjDNp+8NjpCbuIYRfNo=
=zMTn
-----END PGP SIGNATURE-----


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux