Permission denied, deleting interface

Paul A Vixie vixie at mibh.net
Sun Aug 8 15:16:09 UTC 1999


> > yes.  bind's initial interface scan and interface bindings are all done
> > before the setuid/setgid.  it really should not even bother to rescan the
> > interface table after this, but it still does, and if it sees a new alias
> > or interface it tries to bind to it, and it fails, and it complains.

btw, this fix will appear in BIND 8.2.2 as change #746:

Index: CHANGES
===================================================================
RCS file: /proj/cvs/isc/bind/src/CHANGES,v
retrieving revision 8.359
diff -u -r8.359 CHANGES
--- CHANGES     1999/08/08 14:55:42     8.359
+++ CHANGES     1999/08/08 15:13:20
@@ -1,3 +1,5 @@
+ 746.  [bug]           don't bother rescanning the interfaces if setuid!=root.
+
  745.  [protocol]      IXFR transmission was just plain wrong in some cases.
 
  744.  [support]       allow the calling location of strings to be recorded.
Index: bin/named/ns_main.c
===================================================================
RCS file: /proj/cvs/isc/bind/src/bin/named/ns_main.c,v
retrieving revision 8.102
diff -u -r8.102 ns_main.c
--- bin/named/ns_main.c 1999/08/08 02:27:47     8.102
+++ bin/named/ns_main.c 1999/08/08 15:14:08
@@ -141,6 +141,7 @@
                                /* list of interfaces */
 static LIST(struct _interface) iflist;
 static int                     iflist_initialized = 0;
+static int                     iflist_dont_rescan = 0;
 
 static const int               drbufsize = 32 * 1024,  /* UDP rcv buf size */
                                dsbufsize = 48 * 1024,  /* UDP snd buf size */
@@ -500,6 +501,8 @@
                        ns_panic(ns_log_security, 1, "setuid(%s): %s",
                                 user_name, strerror(errno));
                ns_info(ns_log_security, "user = %s", user_name);
+               if (user_id != 0)
+                       iflist_dont_rescan++;
        }
 #endif /* CAN_CHANGE_ID */
 
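Review bot: `iflist_dont_rescan++` treats a boolean flag as a counter; `iflist_dont_rescan = 1;` states the intent and matches how `iflist_initialized` is set in the later hunk. The `user_id != 0` test assumes that only uid 0 is able to bind the listening sockets, and neither this line nor the new declaration at the top of the file says so. A short comment here would record it, for example `/* non-root cannot bind the privileged port on interfaces that appear later */`. The enclosing block begins outside the hunk, so whether a group-only change can reach this point is not visible here.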
@@ -1070,6 +1073,14 @@
        u_char *mask_ptr;
        struct in_addr mask;
 
+       if (iflist_initialized) {
+               if (iflist_dont_rescan)
+                       return;
+       } else {
+               INIT_LIST(iflist);
+               iflist_initialized = 1;
+       }
+
        ns_debug(ns_log_default, 1, "getnetconf(generation %lu)",
                 (u_long)my_generation);
 
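Review bot: The early `return` sits above the `ns_debug` call, so once privileges are dropped a skipped rescan leaves no trace in the log, and an alias or interface added after startup is not listened on until named is restarted. A debug line before the return would make that visible to an operator, for example `ns_debug(ns_log_default, 1, "getnetconf: rescan skipped, not running as root");`. The rest of the function is outside the hunk. If it also refreshes `local_addresses` or retires interfaces that have gone away, that state now stays frozen at the first scan, which is worth confirming and documenting in the function's header comment.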
@@ -1081,11 +1092,6 @@
                ns_error(ns_log_default, "socket(SOCK_RAW): %s",
                         strerror(errno));
                return;
-       }
-
-       if (!iflist_initialized) {
-               INIT_LIST(iflist);
-               iflist_initialized = 1;
        }
 
        if (local_addresses != NULL)

