ndc socket permissions, Solaris 2.6

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Mon Jul 24 03:14:44 UTC 2000


	It looks like you haven't read the file called "README" and
	the "SECURITY NOTE" in there.

	BIND 8.2.3 creates a separate directory to hold the socket.

	Mark

>     I seem to be able to issue commands to named via ndc as an
> unprivileged user, even though the socket permissions appear to deny
> this explicitly.  Anyone else seen this?
> 
>     Server is a Netra t1, Solaris 2.6 Generic_105181-21.  BIND 8.2.2p5
> lives in /opt.  Bare-bones named.conf (no "acl" or "controls" blocks).
> named is running as root.  Neither named nor ndc are setuid root.  On
> a FreeBSD server, you get the expected "ndc: error: ctl_client:
> evConnect(fd 3): Permission denied" if you try to connect to the
> control socket as an unprivileged user.
> 
> % id -a
> uid=10070(taob) gid=14(sysadmin) groups=14(sysadmin)
> 
> % ps -ef | fgrep named
>     root   371     1  0 21:08:14 ?        0:00 /opt/sbin/named
> 
> % ls -l /opt/etc/ndc /opt/sbin/ndc
> srw-------   1 root     root           0 Jul 23 21:08 /opt/etc/ndc
> -rwxr-xr-x   1 root     root       46912 Jun  4 09:44 /opt/sbin/ndc
> 
> % /opt/sbin/ndc status
> named 8.2.2-P5 Sun Jun  4 09:45:06 EDT 2000 taob at tor-dev1:/depot/src/ofs/bind-8.2.2p5/src/bin/named
> number of zones allocated: 64
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is OFF
> server is DONE priming
> server IS NOT loading its configuration
> 
> % /opt/sbin/ndc stop
> Shutdown initiated.
> 
> % ls -l /opt/etc/ndc
> /opt/etc/ndc: No such file or directory
> 
> % ps -ef | fgrep named
> %
> 
> -- 
> Brian Tao (BT300, taob at risc.org)
> "Though this be madness, yet there is method in't"
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
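The fix Mark points to (a dedicated, restricted directory for the control socket, so that directory search permission rather than the socket inode's mode bits gates connect()) as an added example; this is not BIND's code nor either poster's, and the function names create_control_socket, audit_control_socket and demo are my own.

```python
import os
import socket
import stat
import tempfile

# Added example, not BIND code. Some kernels (Solaris 2.6 in the thread above)
# ignore a Unix socket's own mode bits, so the socket is placed in a 0700
# directory: directory search permission is honoured everywhere.

def create_control_socket(sock_dir, name="ndc"):
    """Create sock_dir with mode 0700 and bind a Unix stream socket inside it."""
    old_umask = os.umask(0o077)  # nothing created here is group/world accessible
    try:
        os.makedirs(sock_dir, mode=0o700, exist_ok=False)
        path = os.path.join(sock_dir, name)
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
        os.chmod(path, 0o600)  # extra layer only; not every kernel enforces it
        return srv, path
    finally:
        os.umask(old_umask)

def audit_control_socket(path):
    """Return findings explaining why other local users may reach `path`.
    An empty list means the parent directory protects the socket."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket")
    pst = os.stat(os.path.dirname(path) or ".")
    if pst.st_mode & (stat.S_IXGRP | stat.S_IXOTH):
        findings.append("parent directory is searchable by group/others: %o"
                        % stat.S_IMODE(pst.st_mode))
    if pst.st_uid != st.st_uid:
        findings.append("parent directory owned by a different uid")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("socket mode %o grants group/other access"
                        % stat.S_IMODE(st.st_mode))
    return findings

def demo():
    """Audit a socket in a 0700 directory and one in a 0755 directory."""
    base = tempfile.mkdtemp()
    srv, good = create_control_socket(os.path.join(base, "ndc.d"))
    open_dir = os.path.join(base, "open")
    os.mkdir(open_dir, 0o755)
    os.chmod(open_dir, 0o755)  # defeat the process umask
    bad_sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    bad_sock.bind(os.path.join(open_dir, "ndc"))
    result = (audit_control_socket(good), audit_control_socket(bad_sock.getsockname()))
    srv.close()
    bad_sock.close()
    return result
```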