On Tue, 25 Sep 2001, Christian Kurz wrote: > On 01-09-24 Henrique de Moraes Holschuh wrote: > > On Mon, 24 Sep 2001, Christian Kurz wrote: > > > Hm, that doesn't make much sense too me. I think the best thing would be > > > to have /etc/bind inside $CHROOT and having no symlink. > > > And scratch the second-most important feature of Debian (the first one being > > the DFSG)? Do Not Move Config Files Out Of /etc. Ever. If you need it > > elsewhere, at least leave a symbolic link in place. > > But having a link from either the config-files in /etc/bind to $CHROOT > or in the other direction, could be in my opinion a security risk. In my
Oh, how so? > opinion there should be absolutely no link from $CHROOT to any file > outside the chroot. So instead of creating a $CHROOT that contains Get some sleep. Links from inside the chroot to outside do not work, unless the kernel is fucked up. As for Links from outside to inside, please expand on just how they're a threat to security? > and would instead suggestion to modify the documents stating that all > config files should be in /etc to make a exception for $CHROOT. <wears QA hat> NEVER. This is not some low-grade distribution where you can go around scattering configuration files all over the filesystem. I will fight tooth and nail against such an atrocity. </wears QA hat> -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
