[15188] in bugtraq
bind running as root in Mandrake 7.0
daemon@ATHENA.MIT.EDU (Nicolas MONNET)
Sat Jun 3 21:18:52 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0006031555490.8877-100000@linuxserver.it-xchange.com>
Date: Sat, 3 Jun 2000 16:03:51 +0200
Reply-To: Nicolas MONNET <nico@MONNET.TO>
From: Nicolas MONNET <nico@MONNET.TO>
To: BUGTRAQ@SECURITYFOCUS.COM
bind is run as user / group 'root' in Mandrake 7.0, and probably in
Redhat6.x as well. This is a surprising (if not stupid) setting given the
fact that sploits exist that easily break out of any chroot jail in such a
case; and that switching users is as easy as adding an option to
named. Esp. given the infuriatingly poor security track record of named
...
Indeed, here's a simple patch against /etc/rc.d/init.d/named that I
strongly suggest applying. It does'nt seem to cause any problem for me.
*** named.orig Sat Jun 3 15:55:00 2000
--- named Fri Jun 2 22:04:10 2000
***************
*** 28,34 ****
start)
# Start daemons.
echo -n "Starting named: "
! daemon named
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/named
echo
--- 28,34 ----
start)
# Start daemons.
echo -n "Starting named: "
! daemon named -u nobody -g nogroup
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/named
echo
