Date: Tue, 2 Jul 2024 17:05:48 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: sthaug@nethelp.no Cc: freebsd-stable@freebsd.org Subject: Re: BIND 9.19.24 not listening to rndc port (953) Message-ID: <18s0oq25-816s-84ns-41np-47402182ns46@yvfgf.mnoonqbm.arg> In-Reply-To: <20240702.112250.268297637701792446.sthaug@nethelp.no> References: <20240630.134609.2166404118346455953.sthaug@nethelp.no> <38321p06-q966-p811-oqpq-q679qpo9pp31@yvfgf.mnoonqbm.arg> <20240702.112250.268297637701792446.sthaug@nethelp.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Jul 2024, sthaug@nethelp.no wrote:
>>> Other info:
>>>
>>> - BIND 9.18.24 on the same host works perfectly, with no rndc issues.
>>> - BIND 9.19.24 on the same host also works *if I change it to run as
>>> root* (by default it runs as user bind). The syslog messages are gone,
>>> and rndc works as expected.
>>
>> That sounds like they try to open the priv port after they changed
>> users rather than before.
>
> I ran named under truss, and as far as I can see that is exactly
> what is happening:
>
> root@nlab1:/local/etc/namedb # egrep 'setuid|setresuid|127.0.0.1:953' truss.log
> 38461: 0.063859531 setresuid(0xffffffff,0x35,0xffffffff) = 0 (0x0)
> 38461: 0.064231316 setresuid(0xffffffff,0x0,0xffffffff) = 0 (0x0)
> 38461: 0.064999183 setresuid(0xffffffff,0x35,0xffffffff) = 0 (0x0)
> 38461: 0.065332218 setresuid(0xffffffff,0x0,0xffffffff) = 0 (0x0)
> 38461: 0.083518302 setuid(0x35) = 0 (0x0)
> 38461: 0.093282161 bind(59,{ AF_INET 127.0.0.1:953 },16) ERR#13 'Permission denied'
>
> So we set uid 53 (bind) at 0.083518302, and then try to bind to port
> 953 at 0.093282161.
Are you going to poe a bug with the bind people?
/bz
--
Bjoern A. Zeeb r15:7
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?18s0oq25-816s-84ns-41np-47402182ns46>