Others have already pointed out the value of running the named service non-root and chroot'ed. These changes alone would have avoided the recent and widespread ADMROCKS remote root exploits. And, it is trivial to make named drop root privileges; I am embarrassed that I didn't check it and disappointed that RedHat didn't either, given the ubiquity of named. There is another way in which ADMROCKS and other remote named exploits can be avoided completely for -some- users, such as PPP or end-of-the-line users. Namely those of us with caching-only nameservers probably do -not- want to provide DNS service to the world. So I suggest a "caching-and-local-only" RPM which would refuse all DNS requests, except those from localhost. This is so simple. Just add listen-on { 127.0.0.1; }; to the "options" phrase of /etc/named.conf. This would protect a lot of people at very low cost and enhance RedHat's reputation as a security-conscious distribution. Of course, there may still be a need for the existing caching-only RPM, but given the currently unsafe privileges of named, the out-of-the-box defaults are very unsafe. See the redhat-security list for the impact of this combination of problems. One more thing. Mandrake (based on RedHat, I think) had bind 8.2.2-P5 RPM-ified just days after RedHat had bind 8.2.2-P3 RPM-ified, around November 17, 1999. RedHat still does not seem to have patchlevel 5 RPM-ified. This is disappointing, given how remarkably cleanly it compiles on RedHat 6.x. Please keep up the good work and better, Kyle Ferrio
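An added example, not part of the original report or of any Red Hat package: a small audit of the `listen-on` setting proposed above, checking whether a named.conf restricts the listener to loopback. The sample configurations are constructed and the function names are hypothetical; it relies on named listening on every interface when no `listen-on` statement is present.

```python
import ipaddress
import re

# Constructed sample configs (not taken from the original report).
DEFAULT_CONF = '''
options {
    directory "/var/named";   # no listen-on: named binds every interface
};
'''
LOCAL_ONLY_CONF = '''
options {
    directory "/var/named";
    /* accept queries on loopback only */
    listen-on { 127.0.0.1; };
};
'''
MIXED_CONF = 'options { listen-on port 53 { 127.0.0.1; 192.168.1.1; }; };'

def strip_comments(text):
    """Remove the /* */, // and # comment forms that named.conf allows."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def listen_on_elements(conf_text):
    """Return every address-match element from all listen-on statements."""
    body = strip_comments(conf_text)
    elements = []
    for m in re.finditer(r'\blisten-on\b(?:\s+port\s+\d+)?\s*\{([^{}]*)\}', body):
        elements += [e.strip() for e in m.group(1).split(';') if e.strip()]
    return elements

def is_loopback(element):
    """True only for a literal loopback IP; 'any', ACL names and networks fail."""
    try:
        return ipaddress.ip_address(element).is_loopback
    except ValueError:
        return False

def audit(conf_text):
    """Return (local_only, exposed); exposed lists the non-loopback elements."""
    elements = listen_on_elements(conf_text)
    if not elements:
        return False, ['<all interfaces (no listen-on)>']
    exposed = [e for e in elements if not is_loopback(e)]
    return not exposed, exposed

if __name__ == '__main__':
    for name, conf in (('default', DEFAULT_CONF), ('local', LOCAL_ONLY_CONF), ('mixed', MIXED_CONF)):
        print(name, audit(conf))
```

The built-in `localhost` ACL is deliberately not accepted as loopback, because it matches every address configured on the host rather than 127.0.0.1 alone.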
Bind 8.2.2-P5 is in Raw Hide; it contains no security fixes over the P3 (which is actually P4, apologies for the confusion) that shipped as an errata.
A lot of people are using the caching nameserver setup as a departmental nameserver and the changes proposed will break that setup. Furthermore, adding another package that deals with the same problem of a caching nameserver is only a potential source of more confusion for the new users, who will ask themselves which package they need.
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/8fb838f02bb5a7c6b50e476d40b17d38216da873 Merge pull request #8586 from soltysh/issue8584 Merged by openshift-bot