also sprach Javier Fernández-Sanguino Peña <jfs@computer.org> [2002.01.15.1316 +0100]: > > Debian being what it is, are there any reasons why the debian bind > > package should not be chroot as the default instalation? > > RTFM. That is: > http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-sec-bind > > :) well, first of all, this document refers to a bug, #50013 (to which this is CCd). in the bug, the argument comes up that "opinions differ from running bind non-root". but a chroot jail is advised. i'd love to know just why you'd ever run bind as root, even in a jail. if i have root rights in a jail, i'll break out of the jail within minutes (e.g. [1]). second, why would you *need* bind running as root? and thirdly, please check the threads at [2] and [3] if you are interested in a discussion on bind9 and chroot. > > One thing that might be a good idea, would be a security review of the > > main debian packages. It's probably beeing done for some already, but I > > would guess a lot of debian packages could benefit from even stricter > > default setups. For example, maybe libsafe should be default inn all > > installs. > > Agreed. Feel free to point to better security measures in the > Default installation and document them, once done it is a major point of > pressure to change Debian policy. running non-root *and* chrooting. > Debian could provide, with only some effort from package > maintainers versions of daemons chrooted to given environments. This > however, might break Policy (IMHO). how would it break policy? 1. http://www.bpfh.net/simes/computing/chroot-break.html 2. http://lists.debian.org/debian-devel/2001/debian-devel-200109/msg01393.html 3. http://lists.debian.org/debian-devel/2002/debian-devel-200201/msg01001.html -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck above all, we should not wish to divest our existence of its rich ambiguity. -- nietzsche
Attachment:
pgpTnwg60eTck.pgp
Description: PGP signature