Date: 15 Dec 1998 02:41:17 +0100
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: committers@FreeBSD.ORG
Subject: Bind sandbox bogosity
Message-ID: <xzpvhjembb6.fsf@flood.ping.uio.no>
One side-effect of forcing named to run as bind:bind is that when you HUP it, it tries to recreate the pid file (update_pid_file(), which is called from load_configuration(), both in ns_config.c), but can't because it doesn't have privs any more and /var/run is only writable by root.

Another, far more serious, side-effect is that when it rescans interfaces (normally every 60 minutes) and finds an interface it wasn't already bound to, it'll try to bind to it, and fail miserably because only root can bind to port 53.

Solution 1: don't run named as bind:bind (and consequently back out revision 1.64 of src/etc/rc.conf and revisions 1.33 and 1.32 of src/etc/mtree/BSD.root.dist)

Solution 2: hack bind to temporarily regain privs when HUPed.

DES

--
Dag-Erling Smorgrav - des@flood.ping.uio.no
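As an added example (not code from this thread, from FreeBSD or from BIND), the C program below shows the pattern the report implies for a daemon that drops to an unprivileged account: open the pid file and bind the listening socket while still root, drop privileges, and on reload reuse the kept descriptors instead of calling open() in /var/run or bind() on port 53 again. It also attempts a fresh bind to port 53 after the drop, which is the failure the message describes. drop_privs() with permanent=0 keeps the saved uid, the mechanism "Solution 2" relies on; with permanent=1 root cannot be regained. The /tmp pid file path, the account name "bind" and all function names are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open the pid file while still root; the fd stays usable after the uid drop. */
int open_pid_file(const char *path) { return open(path, O_WRONLY | O_CREAT, 0644); }

/* Rewrite the pid through the kept fd: no new open() in /var/run, so a HUP
 * reload running as bind:bind can still update it. Returns 0 or -1. */
int write_pid_file(int fd, pid_t pid) {
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (n < 0 || n >= (int)sizeof buf || ftruncate(fd, 0) < 0) return -1;
    return pwrite(fd, buf, (size_t)n, 0) == (ssize_t)n ? 0 : -1;
}

/* Read the pid back (-1 on error); used to check the rewrite. */
long read_pid_file(const char *path) {
    char buf[32];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    return strtol(buf, NULL, 10);
}

/* Bind a UDP socket to ip:port; port 53 needs root, so do it before the drop.
 * Binding 0.0.0.0 instead of each interface address also avoids the rebind
 * the interface rescan attempts later. Returns the socket, or -errno. */
int bind_udp(const char *ip, int port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons((uint16_t)port) };
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return -EINVAL;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    return fd;
}

/* Port a bound socket landed on (port 0 lets the kernel choose). */
int bound_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    return getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ? -1 : ntohs(sa.sin_port);
}

/* Drop to uid:gid. permanent=1 uses setuid(), which for root also clears the
 * saved uid: root is gone for good and any later bind to :53 fails. permanent=0
 * uses seteuid() and keeps saved uid 0, so a HUP handler can seteuid(0), do the
 * privileged work and seteuid(uid) again, which is what "Solution 2" needs. */
int drop_privs(uid_t uid, gid_t gid, int permanent) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (permanent) {
        if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
        if (uid != 0 && seteuid(0) == 0) return -1;        /* drop did not stick */
        return 0;
    }
    return (setegid(gid) < 0 || seteuid(uid) < 0) ? -1 : 0;
}

int main(void) {
    const char *pidpath = "/tmp/named-example.pid";       /* assumed; named uses /var/run */
    int pidfd = open_pid_file(pidpath);
    int sock = bind_udp("0.0.0.0", 53);
    if (sock < 0) sock = bind_udp("127.0.0.1", 0);          /* not root: demo on any port */
    struct passwd *pw = geteuid() == 0 ? getpwnam("bind") : NULL;   /* assumed account */
    uid_t uid = pw ? pw->pw_uid : getuid();
    gid_t gid = pw ? pw->pw_gid : getgid();
    if (drop_privs(uid, gid, 1) < 0) { perror("drop_privs"); return 1; }

    /* A reload should reuse the descriptors, never re-open or re-bind. */
    if (pidfd >= 0 && write_pid_file(pidfd, getpid()) == 0)
        printf("pid file rewritten as uid %ld\n", (long)geteuid());
    printf("serving on port %d as uid %ld\n", bound_port(sock), (long)geteuid());

    /* What the report describes: a fresh bind to :53 after the drop. */
    int late = bind_udp("127.0.0.1", 53);
    printf("late bind 127.0.0.1:53 as uid %ld: %s\n", (long)geteuid(),
           late < 0 ? strerror(-late) : "ok");
    if (late >= 0) close(late);
    if (sock >= 0) close(sock);
    if (pidfd >= 0) { close(pidfd); unlink(pidpath); }
    return 0;
}
```

Run it as root to see the real sequence: the wildcard bind on 53 succeeds, the process drops to the "bind" account, the pid file is still rewritten through the kept descriptor, and the late bind is refused. Run it unprivileged and the first bind already fails, so it falls back to an ephemeral port and the late bind fails the same way. If the process is still root when the late bind runs (no "bind" account to drop to), the error reported is an address conflict with the wildcard socket rather than a permission error, which is not the point of the demonstration.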