Bug 8584 - security problems with bind & caching-nameserver
Product: Red Hat Linux
Classification: Retired
Component: caching-nameserver
Hardware: i386, OS: Linux
Priority: medium, Severity: medium
Assigned To: Cristian Gafton
Keywords: FutureFeature
Reported: 2000-01-18 18:05 EST by kyle
Modified: 2016-04-22 02:37 EDT (History)
Doc Type: Enhancement
Last Closed: 2000-02-03 21:06:46 EST

Description kyle 2000-01-18 18:05:48 EST
Others have already pointed out the value of running the named service
non-root and chroot'ed.  These changes alone would have avoided the recent
and widespread ADMROCKS remote root exploits.  And, it is trivial to make
named drop root privileges; I am embarrassed that I didn't check it and
disappointed that RedHat didn't either, given the ubiquity of named.

There is another way in which ADMROCKS and other remote named exploits can
be avoided completely for -some- users, such as PPP or end-of-the-line
users.  Namely those of us with caching-only nameservers probably do -not-
want to provide DNS service to the world.  So I suggest a
"caching-and-local-only" RPM which would refuse all DNS requests, except
those from localhost.  This is so simple.  Just add

	listen-on { 127.0.0.1; };

to the "options" phrase of /etc/named.conf.  This would protect a lot of
people at very low cost and enhance RedHat's reputation as a
security-conscious distribution.  Of course, there may still be a need for
the existing caching-only RPM, but given the currently unsafe privileges of
named, the out-of-the-box defaults are very unsafe.  See the
redhat-security list for the impact of this combination of problems.

One more thing.  Mandrake (based on RedHat, I think) had bind 8.2.2-P5
RPM-ified just days after RedHat had bind 8.2.2-P3 RPM-ified, around
November 17, 1999.  RedHat still does not seem to have patchlevel 5
RPM-ified.  This is disappointing, given how remarkably cleanly it compiles
on RedHat 6.x.

Please keep up the good work and better,
Kyle Ferrio
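
An added example, not part of the bug report or of Red Hat's packaging: a small Python check that reads a named.conf and reports whether a listen-on statement like the one proposed above confines named to loopback. The function names and the three sample configurations are constructed for illustration; entries that are not literal IPv4 addresses (ACL names, "any", negations) are conservatively treated as not loopback.

```python
import ipaddress
import re

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def strip_comments(text):
    """Remove the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def listen_on_addresses(conf):
    """Return every entry of every listen-on list, or None if there is no list."""
    lists = re.findall(r"\blisten-on\b(?:\s+port\s+\d+)?\s*\{([^{}]*)\}",
                       strip_comments(conf))
    if not lists:
        return None
    return [a.strip() for block in lists for a in block.split(";") if a.strip()]

def audit(conf):
    """Return (verdict, details); verdict is local-only, exposed or invalid."""
    addrs = listen_on_addresses(conf)
    if addrs is None:
        # Without listen-on, named accepts queries on every interface.
        return "exposed", ["no listen-on statement"]
    if not addrs:
        return "invalid", ["empty listen-on list"]
    bad = []
    for a in addrs:
        try:
            net = ipaddress.ip_network(a, strict=False)
            ok = net.version == 4 and net.subnet_of(LOOPBACK)
        except ValueError:
            ok = False  # not a literal address: cannot be proven loopback
        if not ok:
            bad.append(a)
    return ("exposed", bad) if bad else ("local-only", [])

# Constructed sample configurations (not taken from any shipped package).
NO_LISTEN_ON = 'options {\n  directory "/var/named";  // no listen-on here\n};\n'
LOCAL_ONLY = 'options {\n  directory "/var/named";\n  listen-on { 127.0.0.1; };\n};\n'
MIXED = ('options {\n  # listen-on { 127.0.0.1; };\n'
         '  listen-on port 53 { 127.0.0.1; 192.0.2.10; };\n};\n')

if __name__ == "__main__":
    for name, conf in [("no listen-on", NO_LISTEN_ON),
                       ("local only", LOCAL_ONLY), ("mixed", MIXED)]:
        print(name, audit(conf))
```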
Comment 1 Bill Nottingham 2000-01-18 22:42:59 EST
Bind 8.2.2-P5 is in Raw Hide; it contains no security
fixes over the P3 (which is actually P4, apologies for
the confusion) that shipped as an errata.
Comment 2 Cristian Gafton 2000-02-03 21:06:59 EST
A lot of people are using the caching nameserver setup as a departmental
nameserver and the changes proposed will break that setup.

Furthermore, adding another package that deals with the same problem of a
caching nameserver is only a potential source of more confusion for the new
users, who will ask themselves which package they need.
Comment 3 openshift-github-bot 2016-04-22 02:37:08 EDT
Commit pushed to master at https://github.com/openshift/origin

Merge pull request #8586 from soltysh/issue8584

Merged by openshift-bot
