In message <alpine.bsf.2.00.0912131720060.1...@qbhto.arg>, Doug Barton writes: > On Fri, 11 Dec 2009, Mark Andrews wrote: > > In message <20091210.162242.460114267490885968.fujiw...@pyon.org>, fujiwara > @wid > > e.ad.jp writes: > >> I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;). > >> > >> The named tried to write "managed-keys.bind" file into the named's > >> working directory. > >> > >> The current BIND 9 requires the working directory is writable by named > >> (From ARM). But I think the working directory should not be writable > >> by named and some OSs' default configuration set the working directory > >> not writable. > > > > Then those OS's are misconfiguring named. > > Or, named is acting in an unsafe way. :) For example, see > https://lists.isc.org/pipermail/bind-users/2008-August/071912.html for my > proposal to separate the idea of "working directory" from "configuration > directory," and some of the reasons why. > > To repeat my primary objection, if the named user can write to the > configuration directory it can change the contents of named.conf. That's a > security problem.
"directory" has *always* specified the working directory. > > This has been a requirement since the BIND 4 days. It's just named has > > not complained > > Actually it does complain: > named[970]: the working directory is not writable > > > and there has been loss of functionality as a result. > > I would argue that this really hasn't been the case for FreeBSD, up till > this point there has been a workaround for all of the functionality that > users have asked for. > > > On some OS's this is the only way to get a core file for debugging as > > there is no way to specify anything other than the current working > > directory. > > Once again, I assert that this is a design flaw in named. Processes should > not be dumping random stuff into the same directory where their > configuration files go. It may have been acceptable back in the BIND 4 > days, but it's time to move on. > > > Note there is no requirement for named's config files to be below the > > working directory. > > This is something that I'll explore. I still prefer the solution to > separate the idea of config and working directories. Imagine a scenario > where the configuration stuff is on a read-only partition for example. Or OS maintainers shouldn't have put configuration files in the working directory. They were originally seperate. OS maintainers could have kept them seperate. > > The working directory does not have to be /var/named. > > In FreeBSD (as in other OSs that I looked at for examples) that's the root > of the chroot directory structure. > > >> I'm very happy if I can change the managed-keys.bind path. > > > > We will look into that. > > That would be good. I would argue that for any new feature configurability > for its file location(s) should be a requirement. > > > Doug > > -- > > Improve the effectiveness of your Internet presence with > a domain name makeover! http://SupersetSolutions.com/ > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
