Your message dated Sun, 22 Oct 2017 13:19:11 +0200
with message-id 
<1508671151.815349.1146906880.773a8...@webmail.messagingengine.com>
and subject line Closing bugs in old-old-stable bind9 versions
has caused the Debian Bug report #161093,
regarding bind9: does not allow running as non-root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
161093: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=161093
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bind9
Version: 1:9.2.1-4
Severity: normal

In the past I have started bind with the following command:
sudo -u named authbind named

This means that the named process never gets root access at any time, and
authbind is configured to allow it to bind to port 53.

This has worked well in bind4 and bind8 for years.

Now bind9 makes things more difficult: it won't bind to port 953 for the
control port because it apparently drops its capabilities after binding to
port 53 but before binding to port 953 (so authbind loses the access).

I think that there should be an option to disable the capabilities code;
without that code, when running as non-root with authbind, it was safer than it
is now running as root without the capabilities.  Root with no capabilities
can still write to /etc/shadow...

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux lyta 2.4.19lsm #1 Sat Aug 24 18:59:35 CEST 2002 i686 unknown unknown GNU/Linux

Versions of the packages bind9 depends on:
ii  libc6          2.2.5-14.2     GNU C Library: Shared libraries and Timezone
ii  libdns5        9.2.1-4        DNS Shared Library used by BIND
ii  libisc4        9.2.1-4        ISC Shared Library used by BIND
ii  libisccc0      9.2.1-4        Command Channel Library used by BIND
ii  libisccfg0     9.2.1-4        Config File Handling Library used by BIND
ii  liblwres1      9.2.1-4        Lightweight Resolver Library used by BIND
ii  libssl0.9.6    0.9.6g-2       SSL shared libraries
ii  netbase        4.07           Basic TCP/IP networking system

--- Begin /etc/bind/named.conf (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/named.conf

--- Begin /etc/bind/db.0 (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/db.0

--- Begin /etc/bind/db.127 (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/db.127

--- Begin /etc/bind/db.255 (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/db.255

--- Begin /etc/bind/db.local (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/db.local

--- Begin /etc/bind/db.root (modified conffile)
Config file not present or no permissions for access

--- End /etc/bind/db.root


--- End Message ---
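
Added example, not part of the original report and not BIND or authbind code: a way to check the trade-off described in the message above on a running daemon by decoding the Uid and CapEff lines of /proc/<pid>/status. The three status samples and the uid 105 are constructed for illustration; the function names are this example's own.

```python
# Bit numbers from <linux/capability.h>; bits not listed print as cap_<n>.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 6: "CAP_SETGID", 7: "CAP_SETUID",
    10: "CAP_NET_BIND_SERVICE", 18: "CAP_SYS_CHROOT",
    21: "CAP_SYS_ADMIN", 24: "CAP_SYS_RESOURCE",
}
NET_BIND = 10
NO_BIND = "cannot bind ports below 1024 itself"
ROOT_FILES = "file access checks use uid 0: files root owns stay writable"
EXTRA_CAPS = "holds capabilities beyond CAP_NET_BIND_SERVICE"

# Constructed samples (not captured from a real system).
ROOT_NO_CAPS = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n"
ROOT_BIND_ONLY = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000400\n"
NONROOT = "Name:\tnamed\nUid:\t105\t105\t105\t105\nCapEff:\t0000000000000000\n"


def parse_status(text):
    """Return (effective uid, filesystem uid, set of effective cap bits)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    uids = [int(u) for u in fields["Uid"]]  # real, effective, saved, fs
    mask = int(fields["CapEff"][0], 16)
    bits = {b for b in range(mask.bit_length()) if mask >> b & 1}
    return uids[1], uids[3], bits


def assess(text):
    """Summarise what the process can still do with its uid and capabilities."""
    euid, fsuid, bits = parse_status(text)
    findings = []
    if NET_BIND not in bits:
        findings.append(NO_BIND)      # e.g. it relies on authbind for port 53
    if fsuid == 0:
        findings.append(ROOT_FILES)   # ownership applies without any capability
    if bits - {NET_BIND}:
        findings.append(EXTRA_CAPS)
    caps = sorted(CAP_NAMES.get(b, f"cap_{b}") for b in bits)
    return {"euid": euid, "caps": caps, "findings": findings}


if __name__ == "__main__":
    for sample in (ROOT_NO_CAPS, ROOT_BIND_ONLY, NONROOT):
        print(assess(sample))
```

To check a live process, pass the contents of /proc/<pid>/status for the named PID to assess().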
--- Begin Message ---
Version: 1:9.10.3.dfsg.P4-12.3

Hi,

the bind9 bug list grew too much and the Debian BIND team cannot
simply test all the reported bugs against versions not in stable, so
this is mass bug close, as either the version is no longer relevant
(because of old-old-stable 9.8.x or old-stable 9.9.5 or even older
version of bind9) or the bug was already fixed.

However, if you can reproduce the bug with a current version in stable,
please use Debian BTS 'found <bug> <version_you_reproduced_the_issue>'
command to retag the bug and reopen it.

Cheers,
Ondrej


--- End Message ---
