Subject: Re: proposals for running named in a non-root chroot cage
To: Steven M. Bellovin <>
From: Andrew Brown <>
List: tech-security
Date: 03/08/2001 22:12:04
>>true.  but running md5 on the old one and the new one would be more
>>expensive than a simple cp.  perhaps cp is the way to go...
>That's why I specified "the stored md5 checksum" of the old one -- so 
>that you don't have to do it each time.

okay...perhaps a slight win.  :)

>But your basic point is, in fact, correct -- this is a rare operation 
>for most people; there's no reason to add complexity to optimize 
>something that's so rare.

some people like complexity.

basically, there are two extremes: do nothing and assume the admin
will take care of everything, or assume nothing and reinstall
everything each reboot so that it (probably) remains well.  testing
the mtime and the size are two cheap checks to land you somewhere in
between.  anything else is about as costly as simply copying.

|-----< "CODE WARRIOR" >-----|
(Andrew Brown)
* "ah!  i see you have the internet that goes *ping*!"
* "information is power -- share the wealth."
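
The size-and-mtime test described in the message above, as an added example that is not part of the original post or of any script from the thread. The function names are hypothetical and the source and cage paths are whatever the caller passes; `cp -p` is used so the copy keeps the source mtime and the next run sees it as current.

```shell
#!/bin/sh
# Added example: refresh one file inside a chroot cage, deciding with
# only the two cheap checks (size and mtime). Function names are hypothetical.

# file_size FILE -> prints the size in bytes, taken from the directory
# listing so the file contents are never read.
file_size() {
    ls -ln -- "$1" | awk 'NR == 1 { print $5 }'
}

# needs_refresh SRC DST -> exit 0 if DST is missing or differs from SRC
# in size or mtime, exit 1 if both match.
needs_refresh() {
    [ -f "$2" ] || return 0
    [ "$(file_size "$1")" = "$(file_size "$2")" ] || return 0
    # The mtimes differ if either file is newer than the other.
    if [ "$1" -nt "$2" ] || [ "$2" -nt "$1" ]; then
        return 0
    fi
    return 1
}

# refresh_cage_file SRC DST -> copies only when needed and prints the
# action taken: "copied" or "unchanged".
refresh_cage_file() {
    if needs_refresh "$1" "$2"; then
        # -p preserves the mtime; without it every run would copy again.
        cp -p "$1" "$2" && echo copied
    else
        echo unchanged
    fi
}
```

A cage copy whose contents were altered while its size and mtime were kept the same is reported as unchanged; catching that case needs the checksum comparison or the unconditional copy discussed earlier in the thread.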