Bug 216185

Summary: bind-chroot-admin able to change root mode 750
Product: [Fedora] Fedora Reporter: Joe Julian <joe>
Component: bindAssignee: Adam Tkac <atkac>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: high Docs Contact:
Priority: medium    
Version: 5CC: ovasik
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-05-02 16:52:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch to correct chmod not --preserve-root none

Description Joe Julian 2006-11-17 17:30:52 UTC
Description of problem:
I have a simlink in /var/named/chroot/var/named as "chroot -> /" (needed for
ispconfig hosting control panel). When upgrading bind the rpm package runs
/usr/sbin/bind-chroot-admin. This changes root perms to 750. bind-chroot-admin
calls /bin/chmod and should use --preserve-root to prevent changing root.

Version-Release number of selected component (if applicable):
I first recognized this problem in bind-9.3.3-0.2.rc2.fc5


How reproducible:
every time

Steps to Reproduce:
1.Install bind less than 9.3.3-0.2.rc2.fc5
2.ln -s / /var/named/chroot/var/named
3.rpm -u bind-9.3.3-0.2.rc2.fc5.{machine}.rpm
  
Actual results:


Expected results:


Additional info:

Comment 1 Joe Julian 2006-11-17 17:30:52 UTC
Created attachment 141507 [details]
Patch to correct chmod not --preserve-root

Comment 2 Martin Stransky 2006-11-17 21:28:19 UTC
Okay, I understand. But why do you use chroot linked to / ? Why don't you just
remove the bind-chroot package? I think you'll get the same result...

Comment 3 Joe Julian 2006-11-18 04:22:16 UTC
A simlink to root from /var/named/chroot/var/named/chroot when chrooted will
allow the config files to point to /var/named/chroot/var/named and still find
the data. The allows the admin scripts in ispconfig to work without
modification. ie. "/var/named/chroot/var/named/chroot -> /" with chroot
/var/named/chroot means that the simlink will point to the real
/var/named/chroot allowing me to use the long directoryname within a chroot.

My own opinion is that chmod should never be run without --preserve-root in
config scripts unless you specifically need to change root.

Comment 4 Martin Stransky 2006-11-21 16:36:08 UTC
okay, added to CVS.

Comment 5 Adam Tkac 2007-05-02 16:52:50 UTC
Looks like fixed, closing