[15190] in bugtraq
Re: bind running as root in Mandrake 7.0
daemon@ATHENA.MIT.EDU (Brock Sides)
Sun Jun 4 21:11:55 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3939B689.54DA9229@mindspring.com>
Date: Sat, 3 Jun 2000 20:53:13 -0500
Reply-To: Brock Sides <philarete@MINDSPRING.COM>
From: Brock Sides <philarete@MINDSPRING.COM>
X-To: Nicolas MONNET <nico@MONNET.TO>
To: BUGTRAQ@SECURITYFOCUS.COM
Nicolas MONNET wrote:
> bind is run as user / group 'root' in Mandrake 7.0, and probably in
> Redhat6.x as well. This is a surprising (if not stupid) setting given the
> fact that sploits exist that easily break out of any chroot jail in such a
> case; and that switching users is as easy as adding an option to
> named. Esp. given the infuriatingly poor security track record of named
> ...
>
> Indeed, here's a simple patch against /etc/rc.d/init.d/named that I
> strongly suggest applying. It does'nt seem to cause any problem for me.
RedHat 6.2 runs BIND as user/group "named", IIRC.
Your patch will break things if you're running a slave nameserver,
unless you also chown /var/named (or wherever you're keeping your
automatically generated zone files) to the user you're running named as.
Brock Sides
philarete@mindspring.com
