---------- Forwarded message ----------
From: Gordon Lang <gl...@goalex.com>
Date: Tue, Sep 29, 2015 at 5:29 PM
Subject: Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat
when listening on tun/tap interface
To: Carl Byington <c...@byington.org>--disable-threads fixes the problem. But now the question is whether or not there is a way to make things work without disabling threads? Does anyone have insight into why supporting threads might interfere with the normal SUID bit based change of the effective user id? Thanks. -- Gordon A. Lang On Tue, Sep 29, 2015 at 11:02 AM, Carl Byington <c...@byington.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Thanks. I appreciate the information and the insights. I will add it > > to my list to learn more about SEL features. I will also take a look > > at the source RPM option. I am skeptical about it fixing my problem > > at hand, but who knows -- anything is worth a try at this point. > > Thanks again. > > from Mark Andrews list message: > > 9.9.3 doesn't build threaded by default. > 9.10.3 does build threaded by default. > > So you might try: > > ./configure --disable-threads --prefix=/export/local/ISC/bind-9.10.3 > make > make install > ... > > > My source rpm will build with threads enabled. From the syslog entries > on startup: > > Sep 16 15:53:12 ns named[17505]: starting BIND 9.10.3 <id:2799933> -u > named > Sep 16 15:53:12 ns named[17505]: built with '--build=x86_64-redhat- > linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat- > linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '-- > bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '-- > datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' ' > - --libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '-- > mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '-- > localstatedir=/var' '--enable-threads' '--enable-ipv6' '--enable-filter- > aaaa' '--with-pic' '--disable-static' '--disable-openssl-version-check' > '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable- > fixed-rrset' '--enable-sit' '--enable-fetchlimit' '--with-gssapi=yes' > '--disable-isc-spnego' '--with-tuning=large' '--with-geoip' '--with- > python' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat- > linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe > - -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param > =ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE' > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (GNU/Linux) > > iEYEARECAAYFAlYKp9MACgkQL6j7milTFsEcrQCghZz08+ZOTBUiNpHF0Oe4TC5y > RF8An2c9nF+aUDxP/huhAMyW01BJBKE3 > =8AAA > -----END PGP SIGNATURE----- > > > -- -- Gordon A. Lang -- -- Gordon A. Lang
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
