Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Gordon Lang
Here is the file info: glang@nstv1:/export/local/ISC> ls -ld bind-9.10.3/sbin bind-9.10.3/sbin/named drwxrwsr-x. 2 incadmin network 4096 Sep 26 10:39 bind-9.10.3/sbin -rwsr-xr-x. 2 root network 10095219 Sep 26 09:16 bind-9.10.3/sbin/named glang@nstv1:/export/local/ISC> If I run "named"

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Niall O'Reilly
On Sat, 26 Sep 2015 17:27:56 +0100, Gordon Lang wrote: > > CHANGE: I did not properly characterize the problem in my original > post, so here is the real situation. > > If the bash shell from which I launch "named" is owned by root, then > "named" runs perfectly using the "-u" option, even

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Niall O'Reilly
On Sun, 27 Sep 2015 16:59:14 +0100, Gordon Lang wrote: > > Here is the file info: > > glang@nstv1:/export/local/ISC> ls -ld bind-9.10.3/sbin > bind-9.10.3/sbin/named > drwxrwsr-x. 2 incadmin network 4096 Sep 26 10:39 bind-9.10.3/sbin > -rwsr-xr-x. 2 root network 10095219 Sep 26 09:16 >

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Mark Andrews
In message , Gordon Lang writes: > > It works fine with BIND 9.9.3 but not 9.10.3 on the same server. 9.9.3 doesn't build threaded by default. 9.10.3 does build threaded by default. Linux threads are a total mess as they are

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Carl Byington
On Sun, 2015-09-27 at 15:31 -0400, Gordon Lang wrote: > > It works fine with BIND 9.9.3 but not 9.10.3 on the same server. Since this is rhel6, I presume you are running with selinux: cat /etc/selinux/config grep named /var/log/audit/audit.log |

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Rick Dicaire
Unless something has changed, root is required to bind to ports below 1024 before privilege separation can begin. On Sun, Sep 27, 2015 at 11:59 AM, Gordon Lang wrote: > Here is the file info: > > glang@nstv1:/export/local/ISC> ls -ld bind-9.10.3/sbin > bind-9.10.3/sbin/named >

Re: Caching and upper case issue with BIND 9.9.7-P3

2015-09-27 Thread /dev/rob0
On Wed, Sep 23, 2015 at 08:18:45AM -0700, cypher Nix wrote: > We eventually restarted BIND and the issue went away. After > restarting BIND all responses served from cache are now lower > case, as expected. Restarting is a very painful way to fix cache issues. Consider as better choices: