LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Is chrooted bind really necessary?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 01-15-2009, 02:46 AM   #1
jarco
LQ Newbie
 
Registered: Apr 2007
Location: Flanders
Distribution: Fedora / Centos / Puppy
Posts: 15

Rep: Reputation: 0
Is chrooted bind really necessary?

Hello all,

I recently tried to install bind chrooted on a completely fresh debian etch r2.
I used howtoforge guide to chroot bind but cant get bind started. I get an error what i think is permission related. After lots of frustration i was beginning to ask myself: is it really needed to chroot bind?

So since I don't know i ask you guys

Is it really needed? Is it really that big of a security risk. How can external people abuse a not chrooted bind?
 
Old 01-15-2009, 02:59 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
I don't think any security measure exists which is necessary (unless it's required by law). But it's important that you assume that your BIND daemon will be compromised, and take pre-emptive measures for that. That's probably what your tutorial was aiming at with the chroot suggestion. Perhaps you should get a good night's sleep and then try again. I mean, chroot provides a very weak layer of security, but it's better than nothing at all. In the future, you might wanna look at mandatory access control instead.
Last edited by win32sux; 01-15-2009 at 03:08 AM.
 
Old 01-15-2009, 12:32 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 24,792
Blog Entries: 50

Rep: Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165Reputation: 2165
In addition you also might want to ask yourself if you want to run ISC BIND and not djbdns.
 
  


Reply

Tags
bind, chroot, dns


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache chrooted? clau_bolson Linux - Server 1 12-23-2008 08:08 AM
Bind problem: config files are missing after re-install bind 9.5 on Fedora Core 8 elvisious Linux - Software 1 07-15-2008 07:49 PM
how to get out of the chrooted environment kirtikjr Linux - Software 1 07-12-2007 05:40 PM
What does chrooted mean? Red Squirrel Linux - Software 6 08-21-2005 08:41 PM
Chrooted Apache dominant Linux - Security 4 09-20-2004 02:48 AM


All times are GMT -5. The time now is 08:18 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration