Subject: Re: pkg/14876
To: None <tron@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: pkgsrc-bugs
Date: 03/17/2005 18:10:02
The following reply was made to PR pkg/14876; it has been noted by GNATS.

From: "Greg A. Woods" <woods@weird.com>
To: tron@netbsd.org
Cc: pkgsrc-bugs@netbsd.org,
	NetBSD Bugs and PR posting List <netbsd-bugs@NetBSD.ORG>,
	NetBSD GNATS submissions and followups <gnats-bugs@netbsd.org>
Subject: Re: pkg/14876
Date: Thu, 17 Mar 2005 13:09:11 -0500 (EST)

 [ On Thursday, March 17, 2005 at 15:42:36 (+0000), tron@netbsd.org wrote: ]
 > Subject: Re: pkg/14876
 >
 > Synopsis: named should never run as root, at least not by default
 > 
 > State-Changed-From-To: open->closed
 > State-Changed-By: tron@netbsd.org
 > State-Changed-When: Thu, 17 Mar 2005 15:42:36 +0000
 > State-Changed-Why:
 > I want the BIND 9 package to be a drop in replacement for the name server
 > in NetBSD's base distribution. It will therefore use the same defaults.
 > 
 > If you want this to get changed (which is probably a good idea) submit
 > a PR against NetBSD's default settings in "/etc/defaults/rc.conf".
 
 If you care to look at /etc/rc.d/named on any modern system (including
 1.6), you'll find that '-u named' is always passed to named.
 
 However pkgsrc is intended to run on non-modern systems, and non-NetBSD
 systems, so its own rc.d script for net/bind8 and net/bind9 should mimic
 the same behaviour.
 
 I.e. you of all people need to remember that pkgsrc is not NetBSD
 specific and making the BIND-9 package a secure way to install and use
 BIND-9 on other systems must also be a requirement.
 
 Finally if you look at some of the changes I submitted you'll find they
 are NECESSARY if bind9 is ever to start properly and securely as a
 non-root user on any system where root blindly trusts the content of
 /var/run files (e.g. NetBSD).  I.e. at least some of the changes I
 submit are critically necessary if the native rc.d script is used!
 (Note that the BIND developers feel the security issues related to
 having a /var/run that's writable by the user and/or group an attacker
 would gain access to by successfully exploiting named is a
 system-specific issue and not one germane to BIND itself.)
 
 And BTW, BIND-9 cannot currently be a clean drop-in replacement for the
 NetBSD nameserver.  It's impossible as they have very different
 configuration requirements.  Anyone who thinks they can get away with a
 pkg_add of BIND-9 and a restart is fooling themselves to the point of
 causing harm (to their system).  At the moment a "drop-in" replacement
 could only be possible with BIND-8.
 
 -- 
 						Greg A. Woods
 
 H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <woods@robohack.ca>
 Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>
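
The concern raised in the message above (root acting on the content of a /var/run file that an unprivileged named can write), shown as an added example that is not part of the original message or of pkgsrc: a POSIX sh helper an rc.d-style script could call before signalling. The helper name `safe_pid`, its arguments and the pid file path in the usage comment are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original message or from pkgsrc).
# Assumption: named runs unprivileged and writes its own pid file, so a root
# rc.d-style script must treat that file's content as untrusted input.

# safe_pid PIDFILE UID COMMAND  (hypothetical helper)
# Prints the pid and returns 0 only when every check passes.
safe_pid() {
    pidfile=$1 want_uid=$2 want_comm=$3

    # Refuse symlinks and anything that is not a regular file.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1

    # Use the first line only; tolerate a missing trailing newline.
    pid=
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1

    # Accept only a plain decimal integer with no leading zero.
    case $pid in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    # Never hand back pid 1 (init).
    [ "$pid" -gt 1 ] || return 1

    # Confirm that pid is really the expected daemon under the expected uid.
    info=$(ps -o uid= -o comm= -p "$pid" 2>/dev/null) || return 1
    read -r uid comm <<EOF
$info
EOF
    [ "$uid" = "$want_uid" ] || return 1
    [ "${comm##*/}" = "$want_comm" ] || return 1

    printf '%s\n' "$pid"
}

# Typical call from a script running as root (the path is an assumption):
#   pid=$(safe_pid /var/run/named/named.pid "$(id -u named)" named) &&
#       kill -TERM "$pid"
```

Validation narrows but does not remove the race between the check and the signal, since the pid can be reused in between.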