Date: Tue, 7 Mar 2000 02:58:45 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Igor Roshchin <igor@physics.uiuc.edu>
Cc: security@freebsd.org
Subject: Re: named started by any user will be running until killed...
Message-ID: <20000307025845.E84318@hades.hell.gr>
In-Reply-To: <200003060858.CAA07208@alecto.physics.uiuc.edu>; from igor@physics.uiuc.edu on Mon, Mar 06, 2000 at 02:58:06AM -0600
References: <200003060858.CAA07208@alecto.physics.uiuc.edu>

On Mon, Mar 06, 2000 at 02:58:06AM -0600, Igor Roshchin wrote:
>
> Hello!
>
> I've got a situation when an ordinary shell user on a FreeBSD-3.4-RELEASE
> box started the named server (by a mistake).
> (Currently, this host is not running named)
> The server wrote barked (to the syslog):
>
> Feb 29 06:57:06 <daemon.warn> MYHOST named[22132]: limit files set to fdlimit (
> 1024)
> Feb 29 06:57:06 <daemon.warn> MYHOST named[22132]: db_load could not open: loca
> lhost.rev: No such file or directory
> Feb 29 06:57:06 <daemon.err> MYHOST named[22132]: ctl_server: bind: Permission
> denied
> Feb 29 06:57:06 <daemon.err> MYHOST named[22132]: couldn't create pid file '/va
> r/run/named.pid'
>
> but did not exit.
> Instead, it continued with periodic messages like:

You can always chown the named executable to bind:bind and let only
users from that group execute the binary. By carefully adding users to
the group, you can control who can run the named executable, and still
not stop the `bind' user from running nicely in a jail or outside of it.

Oh, don't forget to chown named-xfer and all the other programs that
named will want to use ;)

--
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public PGP key: finger keramida@diogenis.ceid.upatras.gr
PGP fingerprint, phone and address in the headers of this message.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
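
The permission change suggested in the reply above, as an added example that is not part of the original message: it hands each binary to bind:bind, removes execute permission for everyone outside that group, and verifies the result. The function names, the 0750 mode, the symlink check and the placeholder paths are assumptions of this example; bind:bind is the owner and group the message names.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# OWNER/GROUP default to the "bind" user and group named in the message;
# override them in the environment if your system uses other names.
OWNER="${OWNER:-bind}"
GROUP="${GROUP:-bind}"

# Succeeds if users outside the owner and group can still execute the file.
world_executable() {
    [ -n "$(find "$1" -prune -perm -0001 2>/dev/null)" ]
}

# chown OWNER:GROUP and chmod 0750 every file given, then verify each one.
# Symlinks and non-regular files are refused, because chown and chmod
# would follow a symlink and change whatever it points to.
restrict_to_group() {
    rc=0
    for f in "$@"; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "skip: $f is not a regular file" >&2
            rc=1
            continue
        fi
        chown "$OWNER:$GROUP" "$f" && chmod 0750 "$f" || { rc=1; continue; }
        if world_executable "$f"; then
            echo "FAIL: $f is still executable by others" >&2
            rc=1
        else
            echo "ok: $f restricted to $OWNER:$GROUP, mode 0750"
        fi
    done
    return $rc
}

# Usage, as root (placeholder paths; pass named, named-xfer and every
# other program named runs, as the message reminds):
#   restrict_to_group /path/to/named /path/to/named-xfer
```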