Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/external/bsd/bind/dist/bin/named

In article <>,
matthew green  <> wrote:
>   Modified Files:
>       src/external/bsd/bind/dist/bin/named: server.c
>   Log Message:
>   Don't log if "." is not writable. In the chrooted environment this is
>   "/var/chroot/named", and there is no reason whatsoever for this to be
>   writable!
>this seems bogus to me.
>this check seems to be about making sure it can write secondary
>files.  it's a good check.
>for my named chroot setup a9hich i've been using since before
>both netbsd or bind-proper had them, but using the same basic
>technique of named user/group & chroot), i kept named chdiring
>into, eg, /var/chroots/named/etc/namedb and that dir was
>writable, but the toplevel chroot dir was not.
>please restore this check and fix the usage.

I don't think you are right here:

$ ls -l /var/chroot/named/
total 8
drwxr-xr-x  2 root  wheel  512 Jun  3  2005 dev/
drwxr-xr-x  4 root  wheel  512 Oct  2  2005 etc/
drwxr-xr-x  3 root  wheel  512 May 22  2005 usr/
drwxr-xr-x  4 root  wheel  512 May 22  2005 var/

This is like root, and I have security issues changing the permissions there.
Named has no business having write access there.

Perhaps you are confusing this directory with /var/chroot/named/etc/namedb?


Home | Main Index | Thread Index | Old Index