Subject: Re: should bind9 have a chroot option?
To: None <firstname.lastname@example.org>
From: Chuck Yerkes <email@example.com>
Date: 04/07/2003 22:08:33
Quoting Steve Bellovin (firstname.lastname@example.org):
> named has a chroot option. However, the bind9 package does
> not. I would think that it should.
very much so. I like what OpenBSD has done internally to it:
let it open logs and devices it needs (/dev/zero?), get user info
(getpwent() etc), then, before it starts up, THEN chroot into it's
area and become the user of choice.
I like intelligent programs that chroot themselves. It means I
no longer have to whack around with log directories and such.