mknod in a chroot jail
From: Edgar Fuß (efnbl05 bn2.maus.net)
Date: Sun Jul 17 2005 - 04:50:42 CDT
As I started the thread about mknod in a chroot environment,
I'll have to make some comments on the discussion my query started:
It was suggested that I had turned off standard security mechanisms
and was surprised by the impacts this had.
No I'm not. I'm running securelevel 1 on all but two NetBSD machines
(0 on a netbooted sort-of-X-terminal, 2 on a paranoid syslog server).
It was suggested to mount all filesystems either ro or nodev.
I'm not aware of anything keeping me from mounting a memory file system
non-nodev at a mount point of my discretion.
It was suggested not to run any root processes chroot-ed.
What, then, is the preferred way of running named (or, more generally,
providing name service) or ntpd?