Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind

From: Alfred Perlstein (bright@wintelcom.net)
Date: 01/31/01


Date: Wed, 31 Jan 2001 14:54:23 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: Brian Behlendorf <brian@collab.net>


* Brian Behlendorf <brian@collab.net> [010131 14:47] wrote:
> On Wed, 31 Jan 2001, Alfred Perlstein wrote:
> > * Roman Shterenzon <roman@xpert.com> [010131 13:56] wrote:
> > > On Wed, 31 Jan 2001, FreeBSD Security Advisories wrote:
> > >
> > > > =============================================================================
> > > > FreeBSD-SA-01:18 Security Advisory
> > > >
> > > > Topic: BIND remotely exploitable buffer overflow
> > > ..snip..
> > >
> > > Why not make it default in the base system?
> >
> > It has been, but only for several days.
>
> I think he meant, why not set those recommendations for running as user
> "bind" and in a chroot jail as the default? Unless I'm missing something,
> that's not the case currently:
>
> [yez] 2:47pm ~ > fgrep -i named_flag /etc/defaults/rc.conf
> named_flags="" # Flags for named
> #named_flags="-u bind -g bind" # Flags for named

Since named supports a command line option for chroot as well
as user flags (-t) it would be trivial to have it the default.

It's pretty much a toss-up between usability and security.

I guess this is the final blow for me, and I think we should
run bind in a sandbox at this point, I'm just worried about
confusing newbies who wish to set it up.

If anyone has a proposal on doing it by default that doesn't
impact ease of use (or if it already doesn't impact it) then I'm
for it.

What I'm worrying about specifically is ndc and other utilities
basically are unix domain sockets not in the expected place all of
a sudden?

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
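
The check that the quoted `fgrep` performs by hand, written as an added example that is not part of the original message or of FreeBSD's rc scripts: it resolves the effective `named_flags` from rc.conf-style input and reports whether the `-u`, `-g` and `-t` options discussed in the thread are set. The function names and the sample chroot path `/etc/namedb` are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Print the value of the last uncommented named_flags= assignment in the given
# rc.conf-style files (or stdin). Handles double-quoted or unquoted values only.
effective_named_flags() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*named_flags=/ {
            v = $0
            sub(/^[ \t]*named_flags=/, "", v)
            if (v ~ /^"/) { sub(/^"/, "", v); sub(/".*$/, "", v) }
            else          { sub(/[ \t]*#.*$/, "", v) }
            val = v
        }
        END { print val }
    ' "$@"
}

# Print one line per missing sandbox option; return 0 only when both an
# unprivileged user (-u) and a chroot directory (-t) are requested.
audit_named_flags() {
    user="" group="" root="" prev="" rc=0
    for w in $1; do                      # intentional word splitting
        case $w in -*) prev=$w; continue ;; esac   # a flag is never a value
        case $prev in
            -u) user=$w ;;
            -g) group=$w ;;
            -t) root=$w ;;
        esac
        prev=$w
    done
    if [ -z "$user" ] || [ "$user" = root ] || [ "$user" = 0 ]; then
        echo "named_flags: no unprivileged -u user"; rc=1
    fi
    [ -n "$group" ] || echo "named_flags: no -g group (informational)"
    if [ -z "$root" ]; then
        echo "named_flags: no -t chroot directory"; rc=1
    fi
    return $rc
}

# Constructed sample: the defaults quoted above plus a local override; the
# chroot path /etc/namedb is an assumption for illustration.
flags=$(effective_named_flags <<'EOF'
named_flags=""  # Flags for named
#named_flags="-u bind -g bind" # Flags for named
named_flags="-u bind -g bind -t /etc/namedb"
EOF
)
audit_named_flags "$flags" && echo "named_flags OK: $flags"
```

On a real host the files would be passed in sourcing order, for example `effective_named_flags /etc/defaults/rc.conf /etc/rc.conf`, so that a local override wins over the default.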

