Bug 216185 - bind-chroot-admin able to change root mode 750
Summary: bind-chroot-admin able to change root mode 750
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 5
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-11-17 17:30 UTC by Joe Julian
Modified: 2013-04-30 23:34 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-05-02 16:52:50 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Patch to correct chmod not --preserve-root (1.47 KB, patch)
2006-11-17 17:30 UTC, Joe Julian
no flags Details | Diff

Description Joe Julian 2006-11-17 17:30:52 UTC
Description of problem:
I have a simlink in /var/named/chroot/var/named as "chroot -> /" (needed for
ispconfig hosting control panel). When upgrading bind the rpm package runs
/usr/sbin/bind-chroot-admin. This changes root perms to 750. bind-chroot-admin
calls /bin/chmod and should use --preserve-root to prevent changing root.

Version-Release number of selected component (if applicable):
I first recognized this problem in bind-9.3.3-0.2.rc2.fc5


How reproducible:
every time

Steps to Reproduce:
1.Install bind less than 9.3.3-0.2.rc2.fc5
2.ln -s / /var/named/chroot/var/named
3.rpm -u bind-9.3.3-0.2.rc2.fc5.{machine}.rpm
  
Actual results:


Expected results:


Additional info:

Comment 1 Joe Julian 2006-11-17 17:30:52 UTC
Created attachment 141507 [details]
Patch to correct chmod not --preserve-root

Comment 2 Martin Stransky 2006-11-17 21:28:19 UTC
Okay, I understand. But why do you use chroot linked to / ? Why don't you just
remove the bind-chroot package? I think you'll get the same result...

Comment 3 Joe Julian 2006-11-18 04:22:16 UTC
A simlink to root from /var/named/chroot/var/named/chroot when chrooted will
allow the config files to point to /var/named/chroot/var/named and still find
the data. The allows the admin scripts in ispconfig to work without
modification. ie. "/var/named/chroot/var/named/chroot -> /" with chroot
/var/named/chroot means that the simlink will point to the real
/var/named/chroot allowing me to use the long directoryname within a chroot.

My own opinion is that chmod should never be run without --preserve-root in
config scripts unless you specifically need to change root.

Comment 4 Martin Stransky 2006-11-21 16:36:08 UTC
okay, added to CVS.

Comment 5 Adam Tkac 2007-05-02 16:52:50 UTC
Looks like fixed, closing


Note You need to log in before you can comment on or make changes to this bug.