Bug 558497
| Summary: | malicious "debug" code in bind init script | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Radek Liboska <liboska> |
| Component: | bind | Assignee: | Adam Tkac <atkac> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | atkac, ovasik, pwouters |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 9.6.1-16.P3.fc12 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-02-05 01:31:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
bind-9.6.1-10.P3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/bind-9.6.1-10.P3.fc11 bind-9.6.1-16.P3.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/bind-9.6.1-16.P3.fc12 fixed, thank you bind-9.6.1-10.P3.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-1186 bind-9.6.1-16.P3.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1195 bind-9.6.1-10.P3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. bind-9.6.1-16.P3.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: malicious code ("setsebool named_write_master_zones 0") in named.init was inserted by the "Fedora Project" into bind-9.6.1-9.P3.fc11.i586 (Fedora Updates, was not present in original release). This code sets the selinux boolean "named_write_master_zones" to "off"; which made bind-9.6.1-9.P3.fc11 usage as the secondary nameserver impossible. Update of the bind package cripples nameserver. The bug is hard to find, because the initscript overwrites the selinux parameters every time the server is reloaded. Version-Release number of selected component (if applicable): bind-9.6.1-9.P3.fc11.i586 How reproducible: always Steps to Reproduce: 1. service named reload 2. 3. Actual results: sebool variable named_write_master_zones switched off Expected results: sebool variable named_write_master_zones unchanged Additional info: remove "DEBUG" code from named.init; such crap has no place in this file!