On Sun, 9 Oct 2005, Tim wrote:
> On Sat, 2005-10-08 at 09:07 -0500, akonstam@xxxxxxxxxxx wrote:
> > 2. A link that can only be followed by root between /etc/named.conf
> > and /var/named/chroot/etc/named.conf
>
> Nothing other than root and named ought to be able to read named's
> files. Again, because of the chrooted named environment, named can't
> read /etc. Named has its configuration file in its chrooted
> environment, instead (/var/named/chroot/etc) and there's a link pointing
> to it from /etc/ for anything else (such as us) that would like to
> use /etc/named.conf.
>
> I'm not overly convinced of the worth of chrooting named. While it may
> stop some fault in named from exploiting the system, that won't stop some
> other fault from being able to change named's files. Are we going to
> chroot everything??
No, we're going to use SELinux instead.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
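As an added example (not code from this thread or from any of its posters), the following POSIX shell script audits the layout Tim describes: /etc/named.conf should be a symlink into the chroot, and the real file under /var/named/chroot/etc should be readable by root and named only. The default paths are the ones quoted above; the owner "root" and group "named" are assumptions about the host, as is GNU stat(1) with -c.

```shell
#!/bin/sh
# Added example, not code from the thread: audit the chrooted named layout
# discussed above. Default paths are the ones from the thread; owner "root"
# and group "named" are assumptions about the host, not stated on the list.
# Uses GNU stat(1) -c; on BSD/macOS substitute stat -f '%Lp %Su %Sg'.

# Check that $1 is a symlink whose target is exactly $2.
check_named_conf_link() {
    link="${1:-/etc/named.conf}"
    expected="${2:-/var/named/chroot/etc/named.conf}"
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink (a stale copy would silently diverge)"
        return 1
    fi
    target=$(readlink "$link")
    if [ "$target" != "$expected" ]; then
        echo "FAIL: $link -> $target, expected $expected"
        return 1
    fi
    echo "OK: $link -> $target"
}

# Check that the real config ($1) is owned by $2:$3 and has no "other" bits,
# so nothing outside root and the named group can read or modify it.
check_named_conf_perms() {
    file="${1:-/var/named/chroot/etc/named.conf}"
    want_owner="${2:-root}"
    want_group="${3:-named}"
    mode=$(stat -c '%a' "$file") || return 1
    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    other=${mode#"${mode%?}"}      # last octal digit = permissions for "other"
    perm_rc=0
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL: $file owned by $owner:$group, expected $want_owner:$want_group"
        perm_rc=1
    fi
    if [ "$other" != "0" ]; then
        echo "FAIL: $file mode $mode grants access to everyone (other=$other)"
        perm_rc=1
    fi
    [ "$perm_rc" -eq 0 ] && echo "OK: $file $owner:$group mode $mode"
    return "$perm_rc"
}

# Run both checks; non-zero if either fails. Args: link target owner group.
named_conf_audit() {
    audit_rc=0
    check_named_conf_link "$1" "$2" || audit_rc=1
    check_named_conf_perms "$2" "$3" "$4" || audit_rc=1
    return "$audit_rc"
}

# Audit a live host with the thread's default paths:  sh named-audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    named_conf_audit "$2" "$3" "$4" "$5"
fi
```

The link check matters as much as the mode check: if someone replaces the symlink with a copy, edits to /etc/named.conf no longer reach the file named actually reads inside the chroot.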