Your message dated Tue, 24 Feb 2009 15:17:26 +0000
with message-id <e1lbz2e-0000rh...@ries.debian.org>
and subject line Bug#513717: fixed in nsd 2.3.7-2
has caused the Debian Bug report #513717,
regarding startup script chowns files writable by nsd thus making nsd user==root
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
513717: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513717
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nsd
Version: 2.3.7-1.1
Severity: security
In /etc/init.d/nsd script there's a construct (repeated twice):
[ -n "${nsd_user}" ] && chown "${nsd_user}:" "${dbfile}"
where dbfile defaults to /var/lib/nsd/nsd.db, or in chroot, and
the parent directory of it (/var/lib/nsd) is owned by $nsd_user
(default nsd).
The whole chroot idea is to protect system from someone who managed
to get a way to break into the system utilizing a bug in - in this
case - nsd daemon. Assuming that in worst case, an attacker can
execute arbitrary code on the system as a user running nsd.
Now suppose the attacker changes /var/lib/nsd/nsd.db to be a
symlink to /etc/password. And after the next restart or reload
of nsd, that file's owner will be happily changed to nsd. With
all bad stuff follows it.
I can only guess where this chown come from, in the first place.
But I *think* that proper solution will be to always run
`nsdc rebuild' as that user instead of root. Note that running
it as root so that the result is written into nsd-owned directory
does no good too.
This is, as far as I can see, Debian-specific security bug.
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing'), (50, 'unstable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.28-i686smp (SMP w/2 CPU cores)
Shell: /bin/sh linked to /bin/bash
Versions of packages nsd depends on:
ii adduser 3.110 add and remove users and groups
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8g-14 SSL shared libraries
ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra
nsd recommends no packages.
nsd suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: nsd
Source-Version: 2.3.7-2
We believe that the bug you reported is fixed in the latest version of
nsd, which is due to be installed in the Debian FTP archive:
nsd_2.3.7-2.diff.gz
to pool/main/n/nsd/nsd_2.3.7-2.diff.gz
nsd_2.3.7-2.dsc
to pool/main/n/nsd/nsd_2.3.7-2.dsc
nsd_2.3.7-2_amd64.deb
to pool/main/n/nsd/nsd_2.3.7-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 513...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated nsd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 24 Feb 2009 15:06:01 +0100
Source: nsd
Binary: nsd
Architecture: source amd64
Version: 2.3.7-2
Distribution: unstable
Urgency: low
Maintainer: Ondřej Surý <ond...@debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description:
nsd - authoritative name domain server
Closes: 513717
Changes:
nsd (2.3.7-2) unstable; urgency=low
.
* Don't chown database file to nsd_user before reload and start.
* Build database file as nsd_user instead. (Closes: #513717)
* Acknowledge NMU.
Checksums-Sha1:
59d7200cf6734336925c1524fa738ef42645db1c 1019 nsd_2.3.7-2.dsc
5b48f5b1888a8db430eecddad108d0852ab4da2b 7712 nsd_2.3.7-2.diff.gz
85fdb37a02cc0727d9bffc01d7c6416a5d0dd3d0 179032 nsd_2.3.7-2_amd64.deb
Checksums-Sha256:
5d9151cf892a37dcb06c0839efe43f3961ffec4307e1cad8b44086750581c877 1019
nsd_2.3.7-2.dsc
a2ad038fe8ee6b99d3462fb13a097aff988c2a060dd83df0a3a7d262562d7f8a 7712
nsd_2.3.7-2.diff.gz
b44289d049533daa5457396a039072525fefdc8a27fc475695567e11a32b81b2 179032
nsd_2.3.7-2_amd64.deb
Files:
f72471bae37e2498ccd8f7ae0413d45b 1019 net optional nsd_2.3.7-2.dsc
656a7d8471ffe1d9f62d48234695acb1 7712 net optional nsd_2.3.7-2.diff.gz
9b46988f7f62ef699cba9e172e290d94 179032 net optional nsd_2.3.7-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmkDRMACgkQ9OZqfMIN8nNzDACbBJHN4UuPsBoEVzC+cyAmTzNX
rV0AnRi/pdRarVFQFpkaWxw+OT6oHcS0
=HVgx
-----END PGP SIGNATURE-----
--- End Message ---
