Bug#513717: startup script chowns files writable by nsd thus making nsd user==root

2009-02-24 Thread Ondřej Surý
Well, I am not going to argue whether this is a grave security bug or not. But please note that there hasn't been a single security issue I am aware of in nsd2 (and nsd3), so this bug is only hypothetical. However I am going to replace the first two lines of start: to: if ${rebuild} [ \( ${zonesfile}

Bug#513717: startup script chowns files writable by nsd thus making nsd user==root

2009-02-24 Thread Michael Tokarev
Ondřej Surý wrote:
> Well, I am not going to argue whether this is a grave security bug or not. But

I didn't want to mark it as grave. In fact, I did something wrong while submitting the bug, so it ended up with the wrong (or no) severity. It's definitely a security-related issue.

> please note that

Bug#513717: startup script chowns files writable by nsd thus making nsd user==root

2009-01-31 Thread Michael Tokarev
Package: nsd
Version: 2.3.7-1.1
Severity: security

In the /etc/init.d/nsd script there's a construct (repeated twice):

    [ -n ${nsd_user} ] && chown ${nsd_user}: ${dbfile}

where dbfile defaults to /var/lib/nsd/nsd.db, or in chroot, and the parent directory of it (/var/lib/nsd) is owned by
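
A pre-flight check an init script could run before a privileged chown of the kind reported in this thread, as an added example that is not part of the thread or of the nsd package. The function name `check_chown_target` and the `trusted_uid` parameter are hypothetical, and the policy (target is a plain single-link file whose directory only the trusted uid can modify) is an assumption about what the script should require.

```shell
#!/bin/sh
# Added example, not the nsd init script. check_chown_target and trusted_uid
# are hypothetical names; in a root-run init script trusted_uid would be 0.

# Return 0 only if a privileged chown of "$1" cannot be redirected by whoever
# controls the directory holding it. "$2" is the only uid allowed to own that
# directory. Ancestor directories are assumed to be checked the same way.
check_chown_target() {
    target=$1
    trusted_uid=$2
    dir=$(dirname -- "$target")

    # chown follows symlinks by default, so a link at this path is refused.
    [ -L "$target" ] && { echo "refuse: $target is a symlink"; return 1; }
    [ -f "$target" ] || { echo "refuse: $target is not a regular file"; return 1; }

    # ls -ldn prints: mode, link count, numeric uid, ...
    set -- $(ls -ldn -- "$target")
    [ "$2" -eq 1 ] || { echo "refuse: $target has $2 hard links"; return 1; }

    set -- $(ls -ldn -- "$dir")
    mode=$1
    owner=$3
    [ "$owner" -eq "$trusted_uid" ] || {
        echo "refuse: $dir is owned by uid $owner"; return 1; }

    # Characters 6 and 9 of the mode string are the group and other write bits.
    case $mode in
        ?????w*|????????w*)
            echo "refuse: $dir is group- or world-writable"; return 1 ;;
    esac
    echo "ok: $target"
}
```

The check and the chown are separate steps, so this only holds when the directory is not writable by the unprivileged user; where it must be, `chown -h` at least avoids following a symlink at the target path.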