Bug 558497 - malicious "debug" code in bind init script
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: bind
Version: 11
Hardware: All Linux
Priority: low
Severity: high
Assigned To: Adam Tkac
QA Contact: Fedora Extras Quality Assurance

Reported: 2010-01-25 09:29 EST by Radek Liboska
Modified: 2013-04-30 19:45 EDT
Fixed In Version: 9.6.1-16.P3.fc12
Doc Type: Bug Fix
Last Closed: 2010-02-04 20:31:06 EST
Description Radek Liboska 2010-01-25 09:29:49 EST
Description of problem:

Malicious code ("setsebool named_write_master_zones 0") in named.init was inserted by the "Fedora Project" into bind-9.6.1-9.P3.fc11.i586 (Fedora Updates; it was not present in the original release).
This code sets the SELinux boolean "named_write_master_zones" to "off", which made use of bind-9.6.1-9.P3.fc11 as a secondary nameserver impossible. Updating the bind package cripples the nameserver. The bug is hard to find because the initscript overwrites the SELinux parameters every time the server is reloaded.


Version-Release number of selected component (if applicable):

bind-9.6.1-9.P3.fc11.i586


How reproducible:

always

Steps to Reproduce:
1. service named reload
Actual results:

sebool variable named_write_master_zones switched off

Expected results:

sebool variable named_write_master_zones unchanged

Additional info:

remove "DEBUG" code from named.init; such crap has no place in this file!
Comment 1 Fedora Update System 2010-01-27 10:34:19 EST
bind-9.6.1-10.P3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/bind-9.6.1-10.P3.fc11
Comment 2 Fedora Update System 2010-01-27 10:34:28 EST
bind-9.6.1-16.P3.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/bind-9.6.1-16.P3.fc12
Comment 3 Radek Liboska 2010-01-27 11:04:10 EST
fixed, thank you
Comment 4 Fedora Update System 2010-01-28 22:24:17 EST
bind-9.6.1-10.P3.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-1186
Comment 5 Fedora Update System 2010-01-28 22:26:16 EST
bind-9.6.1-16.P3.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1195
Comment 6 Fedora Update System 2010-02-04 20:30:57 EST
bind-9.6.1-10.P3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2010-02-04 20:38:47 EST
bind-9.6.1-16.P3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
