
Hi,

Why does a chrooted bind need to mknod dev/null and dev/random?

HOWTOs say it's necessary but without explaining the reasons. I administer chrooted bind servers without these options, and all seems to work perfectly ...

Thanks for your answers.

profy

1 Answer


Many programs and libraries open /dev/null, /dev/zero, or /dev/random. If whatever you're running in the chrooted jail needs those pseudo-devices, they need to be present inside the jail. If they are not included, an application may work for a while and then die (when the pseudo-device open fails).

You can check your binaries (including dynamic libraries) and see if the devices are mentioned. From a security standpoint, it's difficult to see any negative implications from /dev/null or /dev/zero. If I was being paranoid, or doing covert channel analysis (not that there's that much difference), I'd want to look at the specific implementation of /dev/random.

mpez0
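One way to carry out the check the answer describes, as an added example that is not part of the original answer: it walks a jail directory, searches every regular file (binaries and the libraries copied in beside them) for the device paths as byte strings, and reports whether each referenced device exists as a character device under the jail's dev/. The function names and the inclusion of /dev/urandom are assumptions.

```python
import os
import stat
import sys

# Devices named in the answer, plus /dev/urandom (an added assumption).
DEVICES = (b"/dev/null", b"/dev/zero", b"/dev/random", b"/dev/urandom")


def referenced_devices(path):
    """Return the device paths that occur as byte strings in one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    found = set()
    for dev in DEVICES:
        pos = data.find(dev)
        while pos != -1:
            end = pos + len(dev)
            nxt = data[end:end + 1]
            # Reject longer names such as "/dev/randomness".
            if nxt == b"" or not (nxt.isalnum() or nxt in b"_-"):
                found.add(dev.decode())
                break
            pos = data.find(dev, end)
    return found


def audit_jail(jail):
    """Map each referenced device to (is_char_device_in_jail, [referencing files])."""
    users = {}
    for root, _dirs, files in os.walk(jail):
        for name in files:
            path = os.path.join(root, name)
            # Regular files only: reading a device node already in the jail would not end.
            if not stat.S_ISREG(os.lstat(path).st_mode):
                continue
            for dev in referenced_devices(path):
                users.setdefault(dev, []).append(os.path.relpath(path, jail))
    result = {}
    for dev, files in users.items():
        node = os.path.join(jail, dev.lstrip("/"))
        present = os.path.exists(node) and stat.S_ISCHR(os.stat(node).st_mode)
        result[dev] = (present, sorted(files))
    return result


if __name__ == "__main__":
    for dev, (present, files) in sorted(audit_jail(sys.argv[1]).items()):
        print(f"{dev}: {'present' if present else 'MISSING'}; used by {', '.join(files)}")
```

A device path assembled at run time does not appear in a byte scan, so a clean report is not proof that a device is unused.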