Bug 8584 - security problems with bind & caching-nameserver
Summary: security problems with bind & caching-nameserver
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: caching-nameserver   
(Show other bugs)
Version: 6.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact:
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-01-18 23:05 UTC by kyle
Modified: 2016-04-22 06:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-02-04 02:06:46 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description kyle 2000-01-18 23:05:48 UTC
Others have already pointed out the value of running the named service
non-root and chroot'ed.  These changes alone would have avoided the recent
and widespread ADMROCKS remote root exploits.  And, it is trivial to make
named drop root privileges; I am embarrassed that I didn't check it and
disappointed that RedHat didn't either, given the ubiquity of named.

There is another way in which ADMROCKS and other remote named exploits can
be avoided completely for -some- users, such as PPP or end-of-the-line
users.  Namely those of us with cachine-only nameservers probably do -not-
want to provide DNS service to the world.  So I suggest a
"caching-and-local-only" RPM which would refuse all DNS requests, except
those from localhost.  This is so simple.  Just add

	listen-on { 127.0.0.1; };

to the "options" phrase of /etc/named.conf.  This would protect a lot of
people at very low cost and enhance RedHat's reputation as a
security-conscious distribution.  Of course, there may still be a need for
the existing caching-only RPM, but given the currently unsafe privileges of
named, the out-of-the-box defaults are very unsafe.  See the
redhat-security list for the imapact of this combination of problems.

One more thing.  Mandrake (based on RedHat, I think) had bind 8.2.2-P5
RPM-ified just days after RedHat had bind 8.2.2-P3 RPM-ified, around
November 17, 1999.  RedHat still does not seem to have patchlevel 5
RPM-ified.  This is disappointing, given how remarkably cleanly it compiles
on RedHat 6.x.

Please keep up the good work and better,
Kyle Ferrio

Comment 1 Bill Nottingham 2000-01-19 03:42:59 UTC
Bind 8.2.2-P5 is in Raw Hide; it contains no security
fixes over the P3 (which is actually P4, apologies for
the confusion) that shipped as an errata.

Comment 2 Cristian Gafton 2000-02-04 02:06:59 UTC
A lot of people are using the caching nameserver setup as a departamental
nameserver and the changes proposed will break that setup.

Fiurthermore, adding another package that deals with the same problem of a
caching nameserver is only a potential source of more confusion for the new
users, whcih will ask themselves which package do they need.

Comment 3 openshift-github-bot 2016-04-22 06:37:08 UTC
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/8fb838f02bb5a7c6b50e476d40b17d38216da873
Merge pull request #8586 from soltysh/issue8584

Merged by openshift-bot


Note You need to log in before you can comment on or make changes to this bug.