No subject
Tue Apr 2 00:56:56 UTC 2013
SECURITY NOTE: Solaris and other pre-4.4BSD kernels do not respect
ownership or protections on UNIX-domain sockets. This means that the
default path for the NDC control socket (/var/run/ndc) is such that
any user (root or other) on such systems can issue any NDC command
except "start" and "restart". The short term fix for this is to
override the default path and put such control sockets into root-
owned directories which do not permit non-root to r/w/x through them.
The medium term fix is for BIND to enforce this requirement
internally. The long term fix is for all kernels to upgrade to 4.4BSD
semantics.
Cheers
Richard
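Added example (not part of the original message, and not BIND's own code): one way to check that the directory holding a control socket meets the short-term fix in the note above, i.e. it is owned by root and grants no r/w/x to anyone else. The function name, the `trusted_uid` parameter and the second path in the demo are assumptions made for illustration.

```python
import os
import stat


def audit_socket_dir(sock_path, trusted_uid=0):
    """Return findings for the directory that holds a control socket.

    An empty list means only trusted_uid can read, write or search the
    directory, so the protection no longer depends on the kernel honouring
    ownership or mode bits on the UNIX-domain socket itself.
    """
    # Resolve symlinks so the directory that is really traversed gets checked.
    directory = os.path.realpath(os.path.dirname(os.path.abspath(sock_path)))
    try:
        st = os.stat(directory)
    except OSError as exc:
        return [f"{directory}: cannot stat ({exc.strerror})"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{directory}: not a directory"]

    findings = []
    if st.st_uid != trusted_uid:
        findings.append(
            f"{directory}: owned by uid {st.st_uid}, expected {trusted_uid}"
        )
    # Any group/other bit lets a non-root user list, create in, or pass
    # through the directory and so reach the socket.
    open_bits = stat.S_IMODE(st.st_mode) & 0o077
    if open_bits:
        findings.append(
            f"{directory}: group/other bits {open_bits:03o} set, expected mode 0700"
        )
    return findings


if __name__ == "__main__":
    # /var/run/ndc is the default path named in the note; the second path is
    # a hypothetical override used only for this demonstration.
    for path in ("/var/run/ndc", "/var/run/named-ctl/ndc"):
        problems = audit_socket_dir(path)
        print(path, "OK" if not problems else "")
        for p in problems:
            print("  " + p)
```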
More information about the bind-users mailing list