current-users: Re: insecurity report and mtree(8) symlink behaviours

Subject: Re: insecurity report and mtree(8) symlink behaviours
To: Chris Ross <cross+netbsd@distal.com>
From: Geert Hendrickx <ghen@telenet.be>
List: current-users
Date: 10/15/2007 18:19:18

On Mon, Oct 15, 2007 at 11:00:17AM -0400, Chris Ross wrote:
> Does anyone have any suggestion as to the best way to resolve this
> issue?

You can override mtree entries in /etc/mtree/special.local.  I have e.g.:
./etc/named.conf		type=link mode=0644
./etc/namedb			type=link mode=0755

because I run named(8) chrooted and replaced the above file/dir by symlinks
into /var/chroot/named/.

It's a workaround rather than a solution, but it's provided by NetBSD. :-)

	Geert