Debian Bug report logs - #132582
bind: Default install is potentially insecure

Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9 (PTS, buildd, popcon).

Reported by: James Nord <teilo@teilo.net>

Date: Wed, 6 Feb 2002 11:48:04 UTC

Severity: wishlist

Tags: patch

Merged with 50013, 52745, 53550, 128129, 157245

Done: Thomas Goirand <thomas@goirand.fr>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>, bind@packages.qa.debian.org:
Bug#132582; Package bind. (full text, mbox, link).

Acknowledgement sent to James Nord <teilo@teilo.net>:
New Bug report received and forwarded. Copy sent to Bdale Garbee <bdale@gag.com>, bind@packages.qa.debian.org. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: James Nord <teilo@teilo.net>
To: submit@bugs.debian.org
Subject: bind: Default install is potentially insecure
Date: Wed, 6 Feb 2002 12:46:46 +0100 (CET)
Package: bind
Version: 1:8.3.1-0.1
Severity: normal

The package istallation of bind runs bind as user root(!) when bind has facilities to change user.

It would be nice if the package set this up by default an then made the files that need to be writen writeable by that user (/var/run/named.pid, /etc/bind/named.run /var/cache/bind etc..)

-- System Information
Debian Release: 3.0
Kernel Version: Linux phoenix 2.4.14 #1 Wed Nov 14 02:14:38 CET 2001 i586 unknown

Versions of the packages bind depends on:
ii  libc6          2.2.5-2        GNU C Library: Shared libraries and Timezone
ii  netbase        4.07           Basic TCP/IP networking system

--- Begin /etc/init.d/bind (modified conffile)
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
test -x /usr/sbin/named || exit 0
case "$1" in
    start)
	echo -n "Starting domain name service: named"
	start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -d 1
	echo "."	
    ;;
    stop)
	echo -n "Stopping domain name service: named"
	start-stop-daemon --stop --quiet  \
	    --pidfile /var/run/named.pid --exec /usr/sbin/named
	echo "."	
    ;;
    restart)
	/usr/sbin/ndc restart
    ;;
    
    reload)
	/usr/sbin/ndc reload
    ;;
    force-reload)
        $0 restart
    ;;
    *)
	echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
	exit 1
    ;;
esac
exit 0

--- End /etc/init.d/bind

--- Begin /etc/bind/named.conf (modified conffile)
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the 
// structure of BIND configuration files in Debian for BIND versions 8.2.1 
// and later, *BEFORE* you customize this configuration file.
//
options {
        directory "/var/cache/bind";
	// recursion no;
	notify yes;
	
	version "None of your business";
	
        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.
        // query-source address * port 53;
	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.
	// forwarders {
	// 	0.0.0.0;
	// };
};
// reduce log verbosity on issues outside our control
logging {
	category lame-servers { null; };
	category cname { null; };
};
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
 
zone "teilo.net" {
	type master;
	file "/etc/bind/teilo.zone";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
//zone "0.in-addr.arpa" {
//        type master;
//        file "/etc/bind/db.0";
//};
//zone "255.in-addr.arpa" {
//        type master;
//        file "/etc/bind/db.255";
//};
// add entries for other zones below here

--- End /etc/bind/named.conf

--- Begin /etc/bind/db.0 (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/db.0

--- Begin /etc/bind/db.255 (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/db.255

Severity set to `wishlist'. Request was from bdale@gag.com (Bdale Garbee) to control@bugs.debian.org. (full text, mbox, link).

Merged 50013 52745 53550 128129 132582. Request was from bdale@gag.com (Bdale Garbee) to control@bugs.debian.org. (full text, mbox, link).

Merged 50013 52745 53550 128129 132582 157245. Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (full text, mbox, link).

Bug reassigned from package `bind' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:10 GMT) (full text, mbox, link).

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:19 GMT) (full text, mbox, link).

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:36 GMT) (full text, mbox, link).

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:38 GMT) (full text, mbox, link).

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:07:59 GMT) (full text, mbox, link).

Bug reassigned from package `bind9' to `bind9'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sun, 13 Jul 2008 22:08:20 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#132582; Package bind9. (full text, mbox, link).

Acknowledgement sent to Marco Rodrigues <gothicx@sapo.pt>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (full text, mbox, link).

Message #28 received at 132582@bugs.debian.org (full text, mbox, reply):

From: Marco Rodrigues <gothicx@sapo.pt>
To: 402231@bugs.debian.org, 92147@bugs.debian.org, 52745@bugs.debian.org, 197670@bugs.debian.org, 481921@bugs.debian.org, 157245@bugs.debian.org, 248193@bugs.debian.org, 442910@bugs.debian.org, 81252@bugs.debian.org, 156349@bugs.debian.org, 94760@bugs.debian.org, 212625@bugs.debian.org, 260915@bugs.debian.org, 402232@bugs.debian.org, 86488@bugs.debian.org, 149342@bugs.debian.org, 282239@bugs.debian.org, 128129@bugs.debian.org, 62547@bugs.debian.org, 106789@bugs.debian.org, 46856@bugs.debian.org, 85081@bugs.debian.org, 242579@bugs.debian.org, 45470@bugs.debian.org, 50013@bugs.debian.org, 88326@bugs.debian.org, 95773@bugs.debian.org, 190577@bugs.debian.org, 53550@bugs.debian.org, 132492@bugs.debian.org, 24280@bugs.debian.org, 441290@bugs.debian.org, 88982@bugs.debian.org, 355787@bugs.debian.org, 199252@bugs.debian.org, 70079@bugs.debian.org, 213706@bugs.debian.org, 129710@bugs.debian.org, 170872@bugs.debian.org, 86013@bugs.debian.org, 280955@bugs.debian.org, 260759@bugs.debian.org, 99538@bugs.debian.org, 234167@bugs.debian.org, 132582@bugs.debian.org, 81190@bugs.debian.org, 352054@bugs.debian.org, 169124@bugs.debian.org, 132494@bugs.debian.org, 55032@bugs.debian.org, 85909@bugs.debian.org, 197669@bugs.debian.org, control@bugs.debian.org, bind9@packages.debian.org
Subject: Reassigning bugs from bind to bind9
Date: Sun, 13 Jul 2008 23:01:40 +0100
reassign 402231 bind9
reassign 92147 bind9
reassign 52745 bind9
reassign 197670 bind9
reassign 481921 bind9
reassign 157245 bind9
reassign 248193 bind9
reassign 442910 bind9
reassign 81252 bind9
reassign 156349 bind9
reassign 94760 bind9
reassign 212625 bind9
reassign 260915 bind9
reassign 402232 bind9
reassign 86488 bind9
reassign 149342 bind9
reassign 282239 bind9
reassign 128129 bind9
reassign 62547 bind9
reassign 106789 bind9
reassign 46856 bind9
reassign 85081 bind9
reassign 242579 bind9
reassign 45470 bind9
reassign 50013 bind9
reassign 88326 bind9
reassign 95773 bind9
reassign 190577 bind9
reassign 53550 bind9
reassign 132492 bind9
reassign 24280 bind9
reassign 441290 bind9
reassign 88982 bind9
reassign 355787 bind9
reassign 199252 bind9
reassign 70079 bind9
reassign 213706 bind9
reassign 129710 bind9
reassign 170872 bind9
reassign 86013 bind9
reassign 280955 bind9
reassign 260759 bind9
reassign 99538 bind9
reassign 234167 bind9
reassign 132582 bind9
reassign 81190 bind9
reassign 352054 bind9
reassign 169124 bind9
reassign 132494 bind9
reassign 55032 bind9
reassign 85909 bind9
reassign 197669 bind9
thanks

The bind package has been removed from Debian testing, unstable and
experimental. I am reassigning its bugs to the bind9 package. Please
have a look at them, and close them if they don't apply to
bind9 anymore.

Don't hesitate to reply to this mail if you have any question.

--
Marco Rodrigues
http://Marco.Tondela.org

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 15 Oct 2011 07:32:17 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Sep 2 00:32:58 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.