ndc problem
Jim Reid
jim at rfc1035.com
Mon Jan 31 22:58:08 UTC 2000
>>>>> "Sheng" == Sheng Zhu <sz at att.com> writes:
Sheng> Don't know if anyone else has seen this problem, but ndc
Sheng> seems insecure when it allows any user on the local system
Sheng> to kill the named process - no matter whether you have a
Sheng> control statement in the config or not. It will not allow
Sheng> any user to start the named process though.
Sheng> This ndc behavior was observed on a Sun Ultra system
Sheng> running Solaris 2.6 patched at 105181_15.

This is a bug in Solaris, so complain to Mr. Sun. There is a comment
about this bug at the top of the README file in BIND8.2.2P5:

    SECURITY NOTE:
    Solaris and other pre-4.4BSD kernels do not respect ownership or
    protections on UNIX-domain sockets. This means that the default
    path for the NDC control socket (/var/run/ndc) is such that any
    user (root or other) on such systems can issue any NDC command
    except "start" and "restart". The short term fix for this is to
    override the default path and put such control sockets into root-
    owned directories which do not permit non-root to r/w/x through them.
    The medium term fix is for BIND to enforce this requirement internally.
    The long term fix is for all kernels to upgrade to 4.4BSD semantics.
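
The following check is an added example, not part of the original message or of BIND. It tests whether a control socket path sits below a directory that is owned by root and grants no permissions to group or other, which is the short term fix the README describes, and it generalizes slightly by accepting such a directory anywhere above the socket. The names find_barrier, audit and trusted_uid are hypothetical, and the script is meant to be run as root.

```python
import os
import stat
import sys

def find_barrier(sock_path, trusted_uid=0):
    """Return the nearest directory above sock_path that is owned by
    trusted_uid and grants nothing to group/other, or None if there is none."""
    d = os.path.dirname(os.path.realpath(sock_path))
    while True:
        try:
            st = os.stat(d)
            if st.st_uid == trusted_uid and stat.S_IMODE(st.st_mode) & 0o077 == 0:
                return d
        except (FileNotFoundError, PermissionError):
            pass  # missing or unreadable here; keep looking further up
        parent = os.path.dirname(d)
        if parent == d:  # reached the filesystem root
            return None
        d = parent

def audit(sock_path, trusted_uid=0):
    """Return (barrier, findings) for one control-socket path."""
    findings = []
    barrier = find_barrier(sock_path, trusted_uid)
    if barrier is None:
        findings.append("no root-only directory on the path; on kernels that "
                        "ignore socket permissions any local user can connect")
    try:
        st = os.lstat(sock_path)
    except FileNotFoundError:
        findings.append("socket does not exist (is named running?)")
    except PermissionError:
        findings.append("cannot inspect the socket as this user")
    else:
        if not stat.S_ISSOCK(st.st_mode):
            findings.append("path exists but is not a UNIX-domain socket")
    return barrier, findings

if __name__ == "__main__":
    # The default path is the one named in the README excerpt; pass another
    # path as the first argument to check an overridden location.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/run/ndc"
    barrier, findings = audit(path)
    print(f"{path}: guarded by {barrier}" if barrier else f"{path}: UNGUARDED")
    for finding in findings:
        print("  -", finding)
```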