Well,
I am not going to argue whether this is grave security bug or not. But
please note that there hasn't been single security issue I am aware of
in nsd2 (and nsd3), so this bug is only hypothetical.
However I am going to replace first two lines of start: to:
if ${rebuild} && [ \( "${zonesfile}" -nt "${dbfile}" \) -a -n
"${nsd_user}" ]; then /sbin/start-stop-daemon --start -c nsd:nsd
--exec /usr/sbin/nsdc -- rebuild; fi
And nsd2 is going to be dropped and replaced with nsd3 in next stable.
Ondrej
2009/1/31 Michael Tokarev <[email protected]>:
> Package: nsd
> Version: 2.3.7-1.1
> Severity: security
>
>
> In /etc/init.d/nsd script there's a construct (repeated twice):
>
> [ -n "${nsd_user}" ] && chown "${nsd_user}:" "${dbfile}"
>
> where dbfile defaults to /var/lib/nsd/nsd.db, or in chroot, and
> the parent directory of it (/var/lib/nsd) is owned by $nsd_user
> (default nsd).
>
> The whole chroot idea is to protect system from someone who managed
> to get a way to break into the system utilizing a bug in - in this
> case - nsd daemon. Assuming that in worst case, an attacker can
> execute arbitrary code on the system as a user running nsd.
>
> Now suppose the attacker changes /var/lib/nsd/nsd.db to be a
> symlink to /etc/password. And after the next restart or reload
> of nsd, that file's owner will be happily changed to nsd. With
> all bad stuff follows it.
>
> I can only guess where this chown come from, in the first place.
> But I *think* that proper solution will be to always run
> `nsdc rebuild' as that user instead of root. Note that running
> it as root so that the result is written into nsd-owned directory
> does no good too.
>
> This is, as far as I can see, Debian-specific security bug.
>
> -- System Information:
> Debian Release: 5.0
> APT prefers stable
> APT policy: (990, 'stable'), (500, 'testing'), (50, 'unstable'), (1,
> 'experimental')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.28-i686smp (SMP w/2 CPU cores)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages nsd depends on:
> ii adduser 3.110 add and remove users and groups
> ii libc6 2.7-18 GNU C Library: Shared libraries
> ii libssl0.9.8 0.9.8g-14 SSL shared libraries
> ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers
> libra
>
> nsd recommends no packages.
>
> nsd suggests no packages.
>
> -- no debconf information
>
>
>
--
Ondřej Surý <[email protected]>
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]