Enrico Scholz wrote:
Adam Tkac <atkac@redhat.com> writes:
Also, the complete /var/named/* subtree will be writable by named.
This is bad. Only the slaves/ and data/ (for DDNS) dirs must be writable. pz/ and the other parts of the chroot filesystem must be read-only for named.
And why exactly is that? Any reference or reason? What becomes exploitable if that is changed?