[Pdns-users] logging while chroot
markus.welsch at suk.de
Wed May 26 08:49:02 UTC 2004
> Yes, pdns_server itself is not chrooted, but pdns_server-instances
> yes. I'm worried about security here. It looks like a "half way solution".
> If the chrooted process can talk to the non-chrooted one, where is the
> isolation?!
Here kernel-level security comes into play; I suggest a kernel patch like
grsecurity which enforces chdir after chroot and also protects outside
Normally it works as follows:
- starting as root to bind ports < 1024
- dropping root privileges to e.g. user pdns after startup is complete
Remember that the processes within the chroot should NEVER run as root.
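The startup order described in the message above, combined with the chdir-after-chroot point, as an added C example that is not part of the original post and is not PowerDNS code. The helper name `enter_jail_and_drop` and its error enum are hypothetical; the jail directory, uid and gid are supplied by the caller.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_err { JAIL_OK = 0, JAIL_ROOT_TARGET, JAIL_CHROOT, JAIL_CHDIR,
                JAIL_GROUPS, JAIL_GID, JAIL_UID, JAIL_NOT_DROPPED };

/* Hypothetical helper: call it once startup work that needs root
 * (binding ports < 1024) is complete. */
enum jail_err enter_jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    /* Processes inside the chroot must never run as root. */
    if (uid == 0 || gid == 0)
        return JAIL_ROOT_TARGET;
    if (chroot(jail) != 0)
        return JAIL_CHROOT;
    /* chroot() leaves the working directory untouched, so move it inside. */
    if (chdir("/") != 0)
        return JAIL_CHDIR;
    /* Groups first: after setuid() we no longer have the right to change them. */
    if (setgroups(0, NULL) != 0)
        return JAIL_GROUPS;
    if (setgid(gid) != 0)
        return JAIL_GID;
    if (setuid(uid) != 0)
        return JAIL_UID;
    /* Confirm the drop is permanent: regaining root has to fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return JAIL_NOT_DROPPED;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <jail-dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    enum jail_err rc = enter_jail_and_drop(argv[1],
        (uid_t)strtoul(argv[2], NULL, 10), (gid_t)strtoul(argv[3], NULL, 10));
    fprintf(stderr, "enter_jail_and_drop: %d (0 means jailed and unprivileged)\n", rc);
    return rc == JAIL_OK ? 0 : 1;
}
```

Any return value other than `JAIL_OK` should be treated as fatal by the caller, since continuing would leave the process either unjailed or still privileged.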