On Wed, Apr 27, 2016, at 06:30 AM, Matthew Pounsett wrote: > > Actually it is normal for privsep processes to chroot themselves, usually > > to /var/empty - e.g. > > Right, so "no chroot necessary" (which is what I was responding to) isn't > accurate.
Oh. That's not what I got out of your comment. >From this end-user's perspective, there's a pretty big difference from a user >perspective of (1) "it" uses privsep, and takes care of the chroot for you -- i.e., you don't mess with it, and it's all in a documented, predictable package and (2) you have to monkey with all of it yourself. It's either easy & insecure, or secure but 'good luck with it'. Jason _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
