-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim wrote: > The idea is that if someone manages to exploit BIND, it can't mess up > the rest of your system, as it's locked in a jail. It's not about > protecting BIND from something else. > > NB: It's not 100% locked up, people do find ways to break out of chroot > jails. True but AFAIK you need root privileges to do this and named drops these as soon as it is chrooted. The other thing protecting bind by default on FC6 is the SELinux policy. even if an attacker managed to exploit named and break out of the chroot this will constrain what he/she is able to do. regards Stuart - -- Stuart Sears RHCA RHCSS RHCX PEBKAC STFU "Quit worrying about your health. It'll go away." - - Robert Orben -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFFw0/lamPtx1brPQ4RAuUPAJsEibCiu+o1v7GMsgTaUyhCBTCv5ACfXpPX 5tNYCjDNp+8NjpCbuIYRfNo= =zMTn -----END PGP SIGNATURE-----
