
Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

On Mon, Sep 16, 2002 at 01:41:42PM -0400, Stephen Frost wrote:
> Dynamic allocation of the uid does not hinder this, not having a
> package-independent directory for zone files is what causes the
> hindrance, if anything.  Names exist so you don't have to know the uid.
> It's a pretty simple operation to create the user if it doesn't exist.
> Everyone just needs to agree on where the zone files are going to be (if
> they're really capable of working in any DNS server setup...) and the
> *name*.  *Not* the uid.

I might be a little stubborn... but what happens if:

1.- user installs bind
(the 'named' user gets created)
2.- user configures the name server and sets the zone information in
common dir, for example /var/named/
3.- (hypothesis) user gets hit with a bind vulnerability (but does not
re-install his system)
4.- user dpkg --purges bind
(the 'named' user gets removed, right? the zone information is kept,
however, even if bind's configuration files are removed)
5.- user installs an alternative name server
(the 'named' user gets created again)

What happens *if* the configuration files belong to the 'named'
user/group? Either I'm blind or there's *no way* both packages can use the
same files, same ownership since the filesystem ties them to a uid *not*
a name. You might not need to have zone files belong to the named user if
you are using -u and -g, but they probably need to if you are running a
secondary name server which needs to update the zone information from time
to time.

Ok, feel free to correct me but I do not see how it would work.
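
The purge-and-reinstall scenario in the message above, as an added example that is not part of the original post: a Python check that classifies files in a zone directory by what their stored uid resolves to now. The account name 'otherpkg', the sample zone file names and the uid-to-name tables are constructed for the demonstration.

```python
import os
import pwd
import tempfile

def default_lookup(uid):
    """Return the account name for uid, or None if it has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None

def audit_ownership(root, expected_name, lookup=default_lookup):
    """Classify each path under root by what its owning uid resolves to now.
    ok       -> uid resolves to expected_name
    orphaned -> uid has no passwd entry (the account was removed)
    foreign  -> uid resolves to some other account (the uid was reassigned)
    """
    report = {"ok": [], "orphaned": [], "foreign": []}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            owner = lookup(os.lstat(path).st_uid)  # inode stores the uid only
            if owner is None:
                report["orphaned"].append(path)
            elif owner == expected_name:
                report["ok"].append(path)
            else:
                report["foreign"].append(path)
    return report

def demo():
    """Constructed sample: one temp zone dir audited under three passwd states."""
    with tempfile.TemporaryDirectory() as zone_dir:
        for fname in ("db.example.test", "db.192.0.2"):
            with open(os.path.join(zone_dir, fname), "w") as fh:
                fh.write("; constructed zone file\n")
        uid = os.lstat(zone_dir).st_uid  # uid actually recorded on disk
        states = {  # hypothetical uid -> name tables standing in for /etc/passwd
            "before_purge": {uid: "named"},
            "after_purge": {},
            "uid_reassigned": {uid: "otherpkg"},
        }
        return {label: {k: len(v) for k, v in
                        audit_ownership(zone_dir, "named", table.get).items()}
                for label, table in states.items()}

if __name__ == "__main__":
    print(demo())
```

Against a live system, audit_ownership("/var/named", "named") uses the real passwd database; anything reported as orphaned or foreign needs its ownership reset before a second name server package can rely on it.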

