pkgsrc-Bugs archive
Re: pkg/14876
The following reply was made to PR pkg/14876; it has been noted by GNATS.
From: "Greg A. Woods" <woods%weird.com@localhost>
To: tron%netbsd.org@localhost
Cc: pkgsrc-bugs%netbsd.org@localhost,
NetBSD Bugs and PR posting List <netbsd-bugs%NetBSD.ORG@localhost>,
NetBSD GNATS submissions and followups <gnats-bugs%netbsd.org@localhost>
Subject: Re: pkg/14876
Date: Thu, 17 Mar 2005 13:09:11 -0500 (EST)
[ On Thursday, March 17, 2005 at 15:42:36 (+0000), tron%netbsd.org@localhost
wrote: ]
> Subject: Re: pkg/14876
>
> Synopsis: named should never run as root, at least not by default
>
> State-Changed-From-To: open->closed
> State-Changed-By: tron%netbsd.org@localhost
> State-Changed-When: Thu, 17 Mar 2005 15:42:36 +0000
> State-Changed-Why:
> I want the BIND 9 package to be a drop in replacement for the name server
> in NetBSD's base distribution. It will therefore use the same defaults.
>
> If you want this to get changed (which is probably a good idea) submit
> a PR against NetBSD's default settings in "/etc/defaults/rc.conf".

If you care to look at /etc/rc.d/named on any modern system (including
1.6), you'll find that '-u named' is always passed to named.

However pkgsrc is intended to run on non-modern systems, and non-NetBSD
systems, so its own rc.d script for net/bind8 and net/bind9 should mimic
the same behaviour.

I.e. you of all people need to remember that pkgsrc is not NetBSD
specific and making the BIND-9 package a secure way to install and use
BIND-9 on other systems must also be a requirement.

Finally if you look at some of the changes I submitted you'll find they
are NECESSARY if bind9 is ever to start properly and securely as a
non-root user on any system where root blindly trusts the content of
/var/run files (e.g. NetBSD). I.e. at least some of the changes I
submit are critically necessary if the native rc.d script is used!

(Note that the BIND developers feel the security issues related to
having a /var/run that's writable by the user and/or group an attacker
would gain access to by successfully exploiting named is a
system-specific issue and not one germane to BIND itself.)

And BTW, BIND-9 cannot currently be a clean drop-in replacement for the
NetBSD nameserver. It's impossible as they have very different
configuration requirements. Anyone who thinks they can get away with a
pkg_add of BIND-9 and a restart is fooling themselves to the point of
causing harm (to their system). At the moment a "drop-in" replacement
could only be possible with BIND-8.

--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack
<woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost> Secrets of the Weird
<woods%weird.com@localhost>