Subject: Re: proposals for running named in a non-root chroot cage
To: Steven M. Bellovin <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 03/08/2001 21:08:21
>>>>> - change the build system to populate /var/named/ by default
>>>>> (with named-xfer, the example etc/namedb, ...)
>>>>...named-xfer would be installed in /var/named/usr/libexec/named-xfer
>>>>and a symlink would be put at /usr/libexec/named-xfer?
>>> or, every time before named startup, copy /usr/libexec/named-xfer
>>> into /var/named/usr/libexec/named-xfer.
>>that might be a bit heavy. running cmp (or diff) would be heavier,
>>but checking that the mtime and size were the same (if copied with -p)
>>would probably be sufficient.
>Those are easy to fake. Run md5 on it, and compare to the stored md5
>checksum of the original.
true. but running md5 on the old one and the new one would be more
expensive than a simple cp. perhaps cp is the way to go...
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."