Date:      Tue, 02 Jul 2024 11:22:50 +0200 (CEST)
From:      sthaug@nethelp.no
To:        bzeeb-lists@lists.zabbadoz.net
Cc:        freebsd-stable@freebsd.org
Subject:   Re: BIND 9.19.24 not listening to rndc port (953)
Message-ID:  <20240702.112250.268297637701792446.sthaug@nethelp.no>
In-Reply-To: <38321p06-q966-p811-oqpq-q679qpo9pp31@yvfgf.mnoonqbm.arg>
References:  <20240630.134609.2166404118346455953.sthaug@nethelp.no> <38321p06-q966-p811-oqpq-q679qpo9pp31@yvfgf.mnoonqbm.arg>

>> Other info:
>>
>> - BIND 9.18.24 on the same host works perfectly, with no rndc issues.
>> - BIND 9.19.24 on the same host also works *if I change it to run as
>> root* (by default it runs as user bind). The syslog messages are gone,
>> and rndc works as expected.
> 
> That sounds like they try to open the priv port after they changed
> users rather than before.

I ran named under truss, and as far as I can see that is exactly
what is happening:

root@nlab1:/local/etc/namedb # egrep 'setuid|setresuid|127.0.0.1:953' truss.log
38461: 0.063859531 setresuid(0xffffffff,0x35,0xffffffff) = 0 (0x0)
38461: 0.064231316 setresuid(0xffffffff,0x0,0xffffffff) = 0 (0x0)
38461: 0.064999183 setresuid(0xffffffff,0x35,0xffffffff) = 0 (0x0)
38461: 0.065332218 setresuid(0xffffffff,0x0,0xffffffff) = 0 (0x0)
38461: 0.083518302 setuid(0x35)                  = 0 (0x0)
38461: 0.093282161 bind(59,{ AF_INET 127.0.0.1:953 },16) ERR#13 'Permission denied'

So we set uid 53 (bind) at 0.083518302, and then try to bind to port
953 at 0.093282161.

Steinar Haug, AS2116
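
The ordering problem shown in the truss output above can be checked mechanically. The following is an added example, not part of the original message or of BIND: it replays the quoted truss lines, tracks the effective uid per process, and reports any bind() to a privileged port issued after root was dropped. It assumes the traced process starts with effective uid 0 and that ports below 1024 require uid 0; the function and constant names are hypothetical.

```python
import re

# Sample input: the truss lines quoted in the message above.
TRUSS_LOG = """\
38461: 0.063859531 setresuid(0xffffffff,0x35,0xffffffff) = 0 (0x0)
38461: 0.064231316 setresuid(0xffffffff,0x0,0xffffffff) = 0 (0x0)
38461: 0.064999183 setresuid(0xffffffff,0x35,0xffffffff) = 0 (0x0)
38461: 0.065332218 setresuid(0xffffffff,0x0,0xffffffff) = 0 (0x0)
38461: 0.083518302 setuid(0x35)                  = 0 (0x0)
38461: 0.093282161 bind(59,{ AF_INET 127.0.0.1:953 },16) ERR#13 'Permission denied'
"""

# pid, timestamp, syscall name, argument text, then success ("= 0 ") or ERR#n
CALL = re.compile(r"^(\d+): (\d+\.\d+) (\w+)\((.*)\)\s+(= 0 |ERR#\d+)")
BIND_ADDR = re.compile(r"AF_INET6? (\S+):(\d+) ")
UNCHANGED = 0xFFFFFFFF   # setresuid(2) argument -1: leave this id alone
PRIVILEGED_BELOW = 1024  # assumption: ports below 1024 need uid 0


def late_privileged_binds(log, start_euid=0):
    """Return (pid, timestamp, address, port, euid) for each bind() on a
    privileged port made while the effective uid is not 0."""
    euid = {}
    findings = []
    for line in log.splitlines():
        m = CALL.match(line)
        if not m:
            continue
        pid, ts, name, args, result = m.groups()
        succeeded = result.startswith("=")
        if name == "setresuid" and succeeded:
            new_euid = int(args.split(",")[1], 16)
            if new_euid != UNCHANGED:
                euid[pid] = new_euid
        elif name == "setuid" and succeeded:
            euid[pid] = int(args, 16)
        elif name == "bind":
            addr = BIND_ADDR.search(args)
            current = euid.get(pid, start_euid)
            if addr and int(addr.group(2)) < PRIVILEGED_BELOW and current != 0:
                findings.append((int(pid), ts, addr.group(1), int(addr.group(2)), current))
    return findings


if __name__ == "__main__":
    for pid, ts, address, port, uid in late_privileged_binds(TRUSS_LOG):
        print(f"pid {pid} at {ts}: bind to {address}:{port} with euid {uid}")
```
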


