Date: Mon, 22 Aug 2022 23:06:18 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 265994] dns/bind918 auto_chrootdir minor race condition in startup script Message-ID: <bug-265994-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D265994 Bug ID: 265994 Summary: dns/bind918 auto_chrootdir minor race condition in startup script Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: mat@FreeBSD.org Reporter: michael@burnttofu.net Assignee: mat@FreeBSD.org Flags: maintainer-feedback?(mat@FreeBSD.org) Hi, In the latest version of dns/bind918 (and possibly dns/bind916), the rc.d/n= amed startup script appears to have a minor race condition. Upon being issued t= he 'start' command, it appears to first attempt to find the PID file location = via the config. However, if the config file and working dir actually exist ins= ide a chroot environment, and the symlink from the chrooted environment doesn't exist (or the chrooted environment itself isn't fully set up), the attempt = to find the PID file fails and causes the startup to error out. This despite = the fact that the chroot_autoupdate would have created the link, but is called *after* 'find_pidfile'. In the diffs below, I have moved the existence check for 'named_chrootdir' = and resulting calls of 'chroot_autoupdate' to the top of the 'named_prestart' function, ahead of 'find_pidfile'. This works in my chrooted environment, = and *ought* to work in non-chrooted environments, since it first checks for 'named_chrootdir' being defined; however, I have not actually tested it in = all possible environments. To replicate: 1. Define 'named_chrootdir' and enable named in /etc/rc.conf=20 2. rm <confdir> (e.g. 'rm /usr/local/etc/namedb' IFF symlink is already pre= sent 3. 'service named start' --- named.orig 2022-08-22 22:06:52.618190000 +0000 +++ named.fixed 2022-08-22 22:04:11.918203000 +0000 @@ -309,6 +309,25 @@ named_prestart() { + # Is the user using a sandbox? + # + if [ -n "${named_chrootdir}" ]; then + rc_flags=3D"${rc_flags} -t ${named_chrootdir}" + checkyesno named_chroot_autoupdate && chroot_autoupdate + + case "${altlog_proglist}" in + *named*) + ;; + *) + warn 'Using chroot without setting altlog_proglist, log= ging may not' + warn 'work correctly. Run sysrc altlog_proglist+=3Dnam= ed' + ;; + esac + else + named_symlink_enable=3DNO + fi + + find_pidfile find_sessionkeyfile @@ -333,24 +352,6 @@ command_args=3D"-u ${named_uid:=3Droot} -c ${named_conf} ${command_= args}" local line nsip firstns - - # Is the user using a sandbox? - # - if [ -n "${named_chrootdir}" ]; then - rc_flags=3D"${rc_flags} -t ${named_chrootdir}" - checkyesno named_chroot_autoupdate && chroot_autoupdate - - case "${altlog_proglist}" in - *named*) - ;; - *) - warn 'Using chroot without setting altlog_proglist, log= ging may not' - warn 'work correctly. Run sysrc altlog_proglist+=3Dnam= ed' - ;; - esac - else - named_symlink_enable=3DNO - fi # Create an rndc.key file for the user if none exists # --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-265994-7788>