2005/08/03

chroot environment for name daemon

In the Fedora Core series, the DNS daemon "named" runs in a chroot environment. Its default directory is "/var/named/chroot/var/named" instead of "/var/named".

The idea behind chroot is to tighten security. Inside a chroot jail, the process cannot access any files outside the jail, which limits what malicious code can do in the event of a buffer overflow. The service also runs as a non-root user, which matters because a process running as root can break out of a chroot.
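One way to verify both properties on a running host, as an added example that is not part of the original post: the function reads a process's root directory and UIDs from its `/proc` entry. The name `check_jail`, UID 25 and the fake `/proc` entry in the demo are constructed for illustration.

```shell
#!/bin/sh
# check_jail PROC_DIR EXPECTED_ROOT
#   PROC_DIR: a /proc/<pid> directory (or a constructed copy, as in the demo)
#   EXPECTED_ROOT: the jail path, e.g. /var/named/chroot
# Returns 0 only if the process root is EXPECTED_ROOT and no UID is 0.
check_jail() {
    proc_dir=$1
    expected_root=$2

    # /proc/<pid>/root is a symlink to the process's root directory.
    actual_root=$(readlink "$proc_dir/root") || {
        echo "cannot read $proc_dir/root (are you root?)"
        return 2
    }
    if [ "$actual_root" != "$expected_root" ]; then
        echo "NOT JAILED: root is $actual_root, expected $expected_root"
        return 1
    fi

    # The Uid: line in status holds the real, effective, saved and fs UIDs.
    uids=$(awk '/^Uid:/ { print $2, $3, $4, $5 }' "$proc_dir/status")
    if [ -z "$uids" ]; then
        echo "cannot read Uid line from $proc_dir/status"
        return 2
    fi
    for uid in $uids; do
        if [ "$uid" -eq 0 ]; then
            echo "ROOT UID: jailed, but UIDs are $uids"
            return 1
        fi
    done
    echo "OK: root=$actual_root uids=$uids"
}

# Constructed demo: a fake /proc entry for a jailed named with UID 25.
demo=$(mktemp -d)
ln -s /var/named/chroot "$demo/root"
printf 'Name:\tnamed\nUid:\t25\t25\t25\t25\n' > "$demo/status"
check_jail "$demo" /var/named/chroot
rm -rf "$demo"

# Live use (run as root; assumes pgrep is installed):
#   for pid in $(pgrep -x named); do check_jail "/proc/$pid" /var/named/chroot; done
```

A return code of 1 means the process is either not rooted in the jail or still holds a root UID; 2 means the `/proc` entry could not be read.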

Congratulations to the Red Hat Fedora Core team for successfully improving the security of the DNS service.
