DESTETC /usr/local/etc not created

Jim Reid jim at rfc1035.com
Wed Dec 22 11:12:55 UTC 1999 

>>>>> "hoshi" == hoshi sepai <h.sepai at mdx.ac.uk> writes:

    hoshi> Could you provide me with any references on the above
    hoshi> security problem with domain sockets. Any URLs or papers.

Take a look at the README file that's shipped with 8.2.2P5.

Anything explaining UNIX file permissions should do. [It's about how
the filesystem works, rather than a security problem with UNIX domain
sockets as such.] If random users have write permission on
/var/run/ndc (or whatever pathname you use for that UNIX domain
socket), they can control your name server. They can stop it, restart
it, reload it, switch debugging on/off, etc, etc. Anything you can do
with ndc (the program), they can do. Not surprisingly, few people like
this.

On some systems, no permission checks are made on the files associated
with UNIX domain sockets. [Those based on 4.4 BSD do perform these
checks and there are probably others that do this too.] On the systems
that don't apply these checks, specifying the owner and group IDs and
access permissions on /var/run/ndc with a controls{} statement in
named.conf is pointless. Another approach is needed on them.

The UNIX domain socket is written to a directory - say /var/run/named
- that has restricted access permissions, perhaps 500 mode owned by
the DNS uid/gid. A setup like this means only the DNS user account can
go to that directory and talk to the name server via the UNIX domain
socket. In short, the filesystem's permission checking gets done on
the socket's directory because it's not done on the socket itself.
This should keep the undesirables away from your name server. Leaving
the ndc socket in /var/run and changing the permissions on that
directory is also a possibility. However this could break other things
by denying legitimate access to the files there, like the UNIX domain
socket for submitting print jobs to the printer daemon for example.

    hoshi> <color><param>7F00,0000,0000</param>> > 4) When installing
    hoshi> Solaris is it prefera ble to specify Other or Done for a

Please *don't* put HTML in your mail. It's ugly and hard to read. And
why should the rest of the world have to use a web broswer to make
sense of your mail?

More information about the bind-users mailing list