Bug 71302 - upgrading to errata packages blows away /etc/rndc.key if rndc.conf is modified
upgrading to errata packages blows away /etc/rndc.key if rndc.conf is modified
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: bind (Show other bugs)
7.3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-08-12 05:20 EDT by James Henstridge
Modified: 2007-04-18 12:45 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-08-01 15:54:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description James Henstridge 2002-08-12 05:20:06 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020805

Description of problem:
When upgrading to the new errata packages for bind, my /etc/rndc.key file got
overwritten with the last 4 lines of /etc/rndc.conf.  This wouldn't have been so
bad if I hadn't modified /etc/rndc.conf ...

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.modify rndc.conf to add something to the end of the file
2.install bind errata (bind-9.2.1-1.7x.2.i386.rpm)

	

Actual Results:  rndc.key gets overwritten with the last 4 lines of rndc.conf
(which may not be a valid "key" section).

Expected Results:  rndc.key stays the same.

Additional info:

I had been having some trouble getting the rndc command to work, so had played
around with the config files a bit.

I eventually got it working (added the missing include "/etc/rndc.key"; line in
named.conf).  While trying to fix it, I also modified the rndc.conf file
(changed it to use an include statement like in named.conf -- which seemed like
a good idea to ensure that named and rndc were using the same key).

After applying the errata update, the rndc.key file contained the following:
--- Cut here ---
};

include "/etc/rndc.key";

--- Cut here ---

By the way, have you considered structuring the config files this way? (an
include statement in both named.conf and rndc.conf).  This way it wouldn't be
necessary to restrict read access to /etc/rndc.conf (since the vulnerable data
would only be in /etc/rndc.key).
Comment 1 Daniel Walsh 2003-01-07 11:09:22 EST
Fixed in  bind-9.2.1-14

rndc.key is a totally separate file now.

Dan

Note You need to log in before you can comment on or make changes to this bug.