Bugtraq mailing list archives

Re: BIND bugs of the month (fwd)


From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Mon, 15 Nov 1999 00:58:15 +0000


> when i saw the linux chroot("../../../../../../../..") hole i about fell
> out of my chair.  truly no place is safe any more.

Not a bug. chroot() requires root. root can use ioperm and other stuff.
If you put a setuid app or a root app in a chroot jail you are a fool.
It's not an OS specific bug either, it's part of the way chroot()
works.

Named run sanely (as non-root and re-execed on an interface change) in
a chroot jail is pretty safe from exposing the machine, but as Dan
rightly points out not from subverting your DNS.

If you think bind is unauditable then help work on DENTS
(www.dents.org)
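
Added example, not part of the original message and not BIND code: a C sketch of the arrangement the message calls sane, where root is used only to enter the chroot jail and is given up for good before any work is done. The helper `enter_jail`, its error codes, and the default path and ids in `main` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical error codes for this example. */
enum { JAIL_OK = 0, JAIL_ERR_ARGS = -1, JAIL_ERR_ROOT_TARGET = -2,
       JAIL_ERR_CHROOT = -3, JAIL_ERR_DROP = -4, JAIL_ERR_STILL_ROOT = -5 };

/* enter_jail() is a hypothetical helper, not a BIND or libc function. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/')
        return JAIL_ERR_ARGS;
    /* A jail that keeps uid 0 or gid 0 is the case the message warns about. */
    if (uid == 0 || gid == 0)
        return JAIL_ERR_ROOT_TARGET;

    /* chdir first, so no working directory outside the new root survives.
     * Directory descriptors opened earlier must also be closed by the caller. */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return JAIL_ERR_CHROOT;

    /* Order matters: supplementary groups, then gid, then uid last. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;

    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || geteuid() == 0 || getegid() == 0)
        return JAIL_ERR_STILL_ROOT;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: the jail path and ids are placeholders. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    int rc = enter_jail(dir, 65534, 65534);
    printf("enter_jail(%s) -> %d\n", dir, rc);
    return rc == JAIL_OK ? 0 : 1;
}
```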

