Bug 216185 - bind-chroot-admin able to change root mode 750
bind-chroot-admin able to change root mode 750
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Adam Tkac
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-11-17 12:30 EST by Joe Julian
Modified: 2013-04-30 19:34 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-05-02 12:52:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to correct chmod not --preserve-root (1.47 KB, patch)
2006-11-17 12:30 EST, Joe Julian
no flags Details | Diff

  None (edit)
Description Joe Julian 2006-11-17 12:30:52 EST
Description of problem:
I have a simlink in /var/named/chroot/var/named as "chroot -> /" (needed for
ispconfig hosting control panel). When upgrading bind the rpm package runs
/usr/sbin/bind-chroot-admin. This changes root perms to 750. bind-chroot-admin
calls /bin/chmod and should use --preserve-root to prevent changing root.

Version-Release number of selected component (if applicable):
I first recognized this problem in bind-9.3.3-0.2.rc2.fc5

How reproducible:
every time

Steps to Reproduce:
1.Install bind less than 9.3.3-0.2.rc2.fc5
2.ln -s / /var/named/chroot/var/named
3.rpm -u bind-9.3.3-0.2.rc2.fc5.{machine}.rpm
Actual results:

Expected results:

Additional info:
Comment 1 Joe Julian 2006-11-17 12:30:52 EST
Created attachment 141507 [details]
Patch to correct chmod not --preserve-root
Comment 2 Martin Stransky 2006-11-17 16:28:19 EST
Okay, I understand. But why do you use chroot linked to / ? Why don't you just
remove the bind-chroot package? I think you'll get the same result...
Comment 3 Joe Julian 2006-11-17 23:22:16 EST
A simlink to root from /var/named/chroot/var/named/chroot when chrooted will
allow the config files to point to /var/named/chroot/var/named and still find
the data. The allows the admin scripts in ispconfig to work without
modification. ie. "/var/named/chroot/var/named/chroot -> /" with chroot
/var/named/chroot means that the simlink will point to the real
/var/named/chroot allowing me to use the long directoryname within a chroot.

My own opinion is that chmod should never be run without --preserve-root in
config scripts unless you specifically need to change root.
Comment 4 Martin Stransky 2006-11-21 11:36:08 EST
okay, added to CVS.
Comment 5 Adam Tkac 2007-05-02 12:52:50 EDT
Looks like fixed, closing

Note You need to log in before you can comment on or make changes to this bug.