Chasecreek Systemhouse wrote:
> On 1/13/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
>> Chasecreek Systemhouse wrote:
>>> On 1/13/06, Justin Willmert <justin@xxxxxxxxxx> wrote:
>>>> /var/named/chroot/etc/named.conf (config file)
>>>> /var/named/chroot/var/named/ (zone files dir)
>>> It should not be chrooted if SELinux is enabled.
>> Whyever not?
>>> And SELinux is more secure than a chrooted name server.
>> And chrooted+SELinux is more secure still. Layers of defence and all that.
> LOL =)
> In case no one read the named man page -- improperly set-up named
> servers running as root can break out of chroot jail.
True, but the default configuration in Fedora is to run as user "named"
rather than user "root", so people would have to go out of their way to
make their setup insecure in this way.
Paul.
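
An added example, not part of the original thread: a small shell check that classifies a named command line by the two layers discussed above, the privilege drop (`-u`) and the chroot (`-t`). It assumes named is launched by init as root, so a missing `-u` means it keeps running as root; the function name, verdict labels and sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a named command line for the
# two layers discussed above: privilege drop (-u) and chroot (-t).
# Assumption: named is started as root by init, so no -u means it stays root.
audit_named_cmdline() {
    user="root"
    jail="none"
    # Split the command line into words; globbing is disabled while doing so.
    set -f
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        if [ "$1" = "-u" ] && [ $# -ge 2 ]; then
            user="$2"; shift
        elif [ "$1" = "-t" ] && [ $# -ge 2 ]; then
            jail="$2"; shift
        fi
        shift
    done
    if [ "$user" = "root" ] || [ "$user" = "0" ]; then
        if [ "$jail" = "none" ]; then
            verdict="root-no-chroot"
        else
            # The case the man page warns about: root inside a chroot jail.
            verdict="root-in-chroot"
        fi
    elif [ "$jail" = "none" ]; then
        verdict="unprivileged-no-chroot"
    else
        verdict="layered"
    fi
    echo "user=$user chroot=$jail verdict=$verdict"
}

# Constructed sample command lines (not captured from a real host).
for cmd in \
    "/usr/sbin/named -u named -t /var/named/chroot" \
    "/usr/sbin/named -t /var/named/chroot" \
    "/usr/sbin/named -u named"
do
    audit_named_cmdline "$cmd"
done
```

On a live host the argument would come from the process table, for example the output of `ps -o args= -C named`.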