Bugtraq Archives: Re: BIND bugs of the month (fwd)



Alan Cox (alanLXORGUK.UKUU.ORG.UK)
Mon, 15 Nov 1999 00:58:15 +0000


> when i saw the linux chroot("../../../../../../../..") hole i about fell
> out of my chair. truly no place is safe any more.

Not a bug. chroot() requires root. root can use ioperm and other stuff.
If you put a setuid app or a root app in a chroot jail you are a fool.
It's not an OS-specific bug either, it's part of the way chroot()
works.

Named run sanely (as non-root and re-execed on an interface change) in
a chroot jail is pretty safe from exposing the machine, but as Dan
rightly points out not from subverting your DNS.

If you think bind is unauditable then help work on DENTS
(www.dents.org)
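
The setup the message describes (a daemon that enters a chroot jail and then runs as non-root), as an added example that is not part of the original post or of BIND. `enter_jail` and its parameters are hypothetical names; the jail directory and the unprivileged uid/gid are supplied by the caller.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* declares chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter jail_dir and permanently give up root. Returns 0 on success and
 * -1 on any failure; on -1 the caller must exit, never carry on. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    /* A jail that keeps uid 0 or gid 0 is the case the message warns about. */
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }

    /* Move inside first, then chroot, then reset the working directory so
     * it does not refer to anything outside the new root. */
    if (chdir(jail_dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;

    /* Order matters: supplementary groups, then gid, then uid. Once
     * setuid() has run, the process can no longer change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Check that the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s JAIL_DIR UID GID\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("enter_jail");
        return 1;
    }
    printf("jailed: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Any file descriptors that refer to directories outside the jail should be closed before calling `enter_jail`.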



This archive was generated by hypermail 2.0b3 on Mon Nov 15 1999 - 01:35:14 CST