BIND: limiting recursion just might make things harder for spammers
Marc MERLIN
marc_news at merlins.org
Sun Nov 24 22:40:36 PST 2002
On Mon, Nov 18, 2002 at 09:37:24AM -0800, Mark Allen wrote:
> On Sun, Nov 17, 2002 at 08:24:01PM -0800, Rick Moen wrote:
> > the OpenBSD variant of BIND4 has been doing a damned good job
> > at plugging the incessant holes in that codebase (and runs it chrooted).
>
> Generally true and chrooting is good, especially for BIND 4. :)
If memory serves, Bind 4 runs as root.
As a result, the chroot is mostly useless unless you run grsecurity and
you have configured it accordingly
For that matter, I remember a bind exploit that would escape a chroot
jail before doing anything else.
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: not available
URL: <http://www.baylisa.org/pipermail/baylisa/attachments/20021124/85c9c307/attachment.bin>
More information about the Baylisa
mailing list