[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    Re: Shouldn't BIND tools lok in /var/named chroot by default?
From:       Thomas Pfaff <tpfaff () agderlink ! no>
Date:       2008-11-25 20:07:30
Message-ID: 20081125210730.adc57a15.tpfaff () agderlink ! no
[Download RAW message or body]

On Tue, 25 Nov 2008 20:38:27 +0300
Vadim Zhukov <persgray@gmail.com> wrote:

> For example: named-checkconf(8) have -t option, and in default install we
> have to use it always. Proposal of patch below makes it chroot
> to /var/named by default, to disable this behavior "-t ''" is sufficient.
> If such change will be accepted I'll look through rest of BIND code to
> fix such issues.
[...]
> Index: usr.sbin/bind/bin/check/check-tool.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bind/bin/check/check-tool.h,v
> retrieving revision 1.1.1.3
> diff -u -p -r1.1.1.3 check-tool.h
> --- usr.sbin/bind/bin/check/check-tool.h	9 Dec 2007 12:32:29 -0000	1.1.1.3
> +++ usr.sbin/bind/bin/check/check-tool.h	25 Nov 2008 17:29:19 -0000
> @@ -28,6 +28,8 @@
>  #include <dns/masterdump.h>
>  #include <dns/types.h>
>  
> +#define NAMED_CHROOT "/var/named"
> +
>  ISC_LANG_BEGINDECLS

IMHO, this should probably be made a compile-time option and sent upstream.

Just my .2 cents.

[prev in list] [next in list] [prev in thread] [next in thread]