Bugtraq mailing list archives

Re: bind running as root in Mandrake 7.0

From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Thu, 8 Jun 2000 11:40:25 -0700


This is a summary of the last responses in this thread. I am killing
this thread here.

Jim Knoble <jmknoble () pint-stowp cx>:

Those really interested in a secure DNS server ought to forget trying           to secure BIND and use D. J. 
Bernstein's dnscache package instead:

 http://cr.yp.to/dnscache.html

Its "regular" DNS server, tinydns, runs as a non-root user in chrooted
environment by default.  Read the website for more info about security,
dnscache, and BIND.

Thomas Novin <thnov () thalamus se>:

Debian Slink and Potato (frozen) both install BIND 8.2.2R5 as root.


Slackware also as long as I can remeber. Same goes for the latest version,
7.0-current.

"Andrew L . Davis" <adavis () THREKSTUN NET>:

Debian Slink and Potato (frozen) both install BIND 8.2.2R5 as root.


There was a long standing discussion on this which basically boils down to the
fact that if you obtain your address dynamically or have dynamic interfaces
(some form of PPP or anything on PCMCIA) you have to run it as root in order
for bind to use these interfaces.

bind does not bind 0.0.0.0:53. It for one or another reason binds every
interface separately. Hence if an interface is not available at bind start
time and bind does not run as root the interfaces are not rebound.

So running as non-root will not work in some cases. They may be covered in any
of the listed distros but this means making bind, all dhcp-clients, pcmcia,
ppp, ad naseum depend on each other and mess with each other's init scripts.
For now I do not know of a distro that does this.

Nicolas MONNET <nico () MONNET TO>:

Red Hat 6.0 runs named as root.root.
Red Hat 6.2 runs named as named.named

Andreas Hasenack <andreas () conectiva com br>:

That fix also doesn't take into consideration that named can dump
some statistics files, such as named.memstat, named.stats and named_dump.db.
named follows symlinks, and therefore those files shouldn't be dumped in
a world writable directory such as /var/tmp (although we are now running as
an unprivileged user). One shoule create another directory, give the right
permissions to it and let named dump those files there.

For example, the following lines in named.conf's options section:
  dump-file "/var/named/dump/named_dump.db";
  statistics-file "/var/named/dump/named.stats";
  memstatistics-file "/var/named/dump/named.memstats";
And make that directory so that the "named" user can create files there.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Current thread:

Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability Ryan Russell (Jun 01)
- Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability Christopher Schulte (Jun 02)
- bind running as root in Mandrake 7.0 Nicolas MONNET (Jun 03)
  - Re: bind running as root in Mandrake 7.0 Brock Sides (Jun 03)
  - Re: bind running as root in Mandrake 7.0 White Vampire (Jun 03)
  - Re: bind running as root in Mandrake 7.0 Andrew L . Davis (Jun 04)
    - Re: bind running as root in Mandrake 7.0 Elias Levy (Jun 08)
    - Circumventing Outlook Security Update File Download Security With IFRAMEs cassius () HUSHMAIL COM (Jun 09)
    - Re: bind running as root in Mandrake 7.0 Nathan Neulinger (Jun 11)
    - Remote DoS for Mercur 3.2 |[TDP]| (Jun 13)
    - Vulnerability in Solaris ufsrestore Job de Haas (Jun 14)
- <Possible follow-ups>
- Re: Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability Christopher Schulte (Jun 02)