Subject: Re: pkg/14876
To: None <,,>
From: Greg A. Woods <>
List: pkgsrc-bugs
Date: 03/17/2005 18:10:02
The following reply was made to PR pkg/14876; it has been noted by GNATS.

From: "Greg A. Woods" <>
	NetBSD Bugs and PR posting List <netbsd-bugs@NetBSD.ORG>,
	NetBSD GNATS submissions and followups <>
Subject: Re: pkg/14876
Date: Thu, 17 Mar 2005 13:09:11 -0500 (EST)

 [ On Thursday, March 17, 2005 at 15:42:36 (+0000), wrote: ]
 > Subject: Re: pkg/14876
 > Synopsis: named should never run as root, at least not by default
 > State-Changed-From-To: open->closed
 > State-Changed-By:
 > State-Changed-When: Thu, 17 Mar 2005 15:42:36 +0000
 > State-Changed-Why:
 > I want the BIND 9 package to be a drop in replacement for the name server
 > in NetBSD's base distribution. It will therefore use the same defaults.
 > If you want this to get changed (which is probably a good idea) submit
 > a PR against NetBSD's default settings in "/etc/defaults/rc.conf".

 If you care to look at /etc/rc.d/named on any modern system (including
 1.6), you'll find that '-u named' is always passed to named.

 However pkgsrc is intended to run on non-modern systems, and non-NetBSD
 systems, so its own rc.d script for net/bind8 and net/bind9 should mimic
 the same behaviour.

 I.e. you of all people need to remember that pkgsrc is not NetBSD
 specific and making the BIND-9 package a secure way to install and use
 BIND-9 on other systems must also be a requirement.

 Finally if you look at some of the changes I submitted you'll find they
 are NECESSARY if bind9 is ever to start properly and securely as a
 non-root user on any system where root blindly trusts the content of
 /var/run files (e.g. NetBSD).  I.e. at least some of the changes I
 submit are critically necessary if the native rc.d script is used!

 (Note that the BIND developers feel the security issues related to
 having a /var/run that's writable by the user and/or group an attacker
 would gain access to by successfully exploiting named is a
 system-specific issue and not one germane to BIND itself.)

 And BTW, BIND-9 cannot currently be a clean drop-in replacement for the
 NetBSD nameserver.  It's impossible as they have very different
 configuration requirements.  Anyone who thinks they can get away with a
 pkg_add of BIND-9 and a restart is fooling themselves to the point of
 causing harm (to their system).  At the moment a "drop-in" replacement
 could only be possible with BIND-8.

 						Greg A. Woods
 H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <>
 Planix, Inc. <>          Secrets of the Weird <>
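
One way a root-run rc.d script can avoid blindly trusting a pid file that the unprivileged named account is able to write, as an added example that is not part of the original message, of pkgsrc or of BIND. The function name `verified_pid` and the pid file path in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: validate a daemon pid file before a privileged script
# sends a signal to the pid it contains. All names here are hypothetical.

# verified_pid FILE COMM UID
# Prints the pid and returns 0 only if FILE is a plain file (not a symlink)
# holding exactly one decimal pid, and that process has command name COMM
# and runs under uid UID. Returns 1 in every other case.
verified_pid() {
    file=$1 want_comm=$2 want_uid=$3
    pid=

    # A symlink planted by the unprivileged user could point anywhere.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1

    # Read the first line only and require it to be purely numeric.
    IFS= read -r pid < "$file" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Never act on pid 0 or 1, whatever the file says.
    [ "$pid" -gt 1 ] || return 1

    # The process must exist, be the expected daemon, and run as the
    # unprivileged account it was started under (e.g. via '-u named').
    comm=$(ps -o comm= -p "$pid" 2>/dev/null) || return 1
    uid=$(ps -o uid= -p "$pid" 2>/dev/null) || return 1
    comm=${comm##*/}        # some ps implementations print a full path
    uid=$(echo $uid)        # strip column padding
    [ "$comm" = "$want_comm" ] && [ "$uid" = "$want_uid" ] || return 1

    printf '%s\n' "$pid"
}

# Intended use in a stop action (path is an assumed example location):
#   pid=$(verified_pid /var/run/named/named.pid named "$(id -u named)") \
#       && kill -TERM "$pid"
```

With these checks, the most a compromised named account can make root signal is a process that account already owns. A pid can still be reused between the check and the signal, so the window between the two should be kept as short as possible.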