Subject: Re: proposals for running named in a non-root chroot cage
To: None <tech-security@netbsd.org>
From: Luke Mewburn <lukem@wasabisystems.com>
List: tech-security
Date: 03/09/2001 04:34:19
On Fri, Mar 09, 2001 at 04:30:04AM +1100, Luke Mewburn wrote:
> 2. Change /etc/rc.d/syslogd and /etc/rc.d/named to run named in a
> chroot cage if $named_chrootdir != "", and add the following to
> /etc/defaults/rc.conf:
> named_chrootdir="/var/named"
>
> Pros:
> + User overrides of named_flags and syslogd_flags in /etc/rc.conf
> do not negate the behaviour
... of running in a chroot cage unless they set named_chrootdir=""
in /etc/rc.conf.
[I thought the clarification might be useful.]
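
The behaviour described in the message above, as an added shell sketch that is not part of the original post and is not NetBSD's actual rc.d code: the chroot option is derived from named_chrootdir at start time, so overriding named_flags or syslogd_flags cannot drop it. The function names, the use of named's -t and syslogd's -p options, and the log socket path under the cage are assumptions.

```shell
#!/bin/sh
# Added illustration only; function names are hypothetical.
# Assumptions: named accepts "-t <dir>" to chroot, syslogd accepts
# "-p <path>" for an extra log socket, and the socket lives at
# <chrootdir>/var/run/log.

# Arguments named is started with: the user's flags plus the chroot
# option, which comes from named_chrootdir and is never stored in
# named_flags itself.
effective_named_flags() {
    _flags=$1
    _chrootdir=$2
    if [ -n "$_chrootdir" ]; then
        printf '%s\n' "${_flags:+$_flags }-t $_chrootdir"
    else
        printf '%s\n' "$_flags"
    fi
}

# Arguments syslogd is started with: the user's flags plus a log socket
# inside the cage, so the chrooted named can still reach syslogd.
effective_syslogd_flags() {
    _flags=$1
    _chrootdir=$2
    if [ -n "$_chrootdir" ]; then
        printf '%s\n' "${_flags:+$_flags }-p $_chrootdir/var/run/log"
    else
        printf '%s\n' "$_flags"
    fi
}

# Simulated /etc/defaults/rc.conf values.
named_flags=""
syslogd_flags=""
named_chrootdir="/var/named"

# Simulated user /etc/rc.conf (constructed sample overrides).
named_flags="-d 1"
syslogd_flags="-s"

# The cage survives both overrides.
echo "named   $(effective_named_flags "$named_flags" "$named_chrootdir")"
echo "syslogd $(effective_syslogd_flags "$syslogd_flags" "$named_chrootdir")"

# Only an explicit named_chrootdir="" in /etc/rc.conf turns it off.
named_chrootdir=""
echo "named   $(effective_named_flags "$named_flags" "$named_chrootdir")"
```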