bind + setuid()
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Jun 29 23:42:08 UTC 1999
Upgrade to BIND 8.2.1 before going on.
>
>
>
> Hi,
>
> I have a reverse problem. I'd like to run bind as root, but allow certain (un
> ix)
> group of users to start/stop it. This is BIND8.2 on Solaris 2.6. I tried to s
> et
> /usr/local/sbin/ndc suid root and restrict access/execute permissions to my
> group, but it didn't work - ndc complained it can't create /etc/ndc and it
> started named process running under my regular user uid.
>
I have not tried to do this. As a general rule it is not
a good idea to just set the suid bit on programs that were
not designed to have it set.
> Maybe this behavior is Solaris specific, I don't have too much experience wit
> h
> Solaris suid programs. BTW, there is a known Solaris bug, which allows any us
> er
> to run ndc (verison 8.2) and send various commands to running named, includin
> g
> ndc stop (but not start or restart). This is because Solaris doesn't properly
> respect access permissions on named pipes, such as /etc/ndc.
Read the discussion about this in the 8.2.1 README.
>
> Any ideas ?
>
> Honza
>
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list