On Thu, May 08, 2008, Alain Spineux wrote: > On Thu, May 8, 2008 at 4:33 PM, Ralf S. Engelschall <[EMAIL PROTECTED]> wrote: > > On Thu, May 08, 2008, Alain Spineux wrote: > > > > > > I found this too, this solve the chown(), but not the bind() ! > > > > For the bind I simply did a > > > > # chmod g+w /kolab/var/bind > > > > > > > > Then only two small thing tho change until the BIND developer team > > react :-) > > > > > > I didn't get any answer from bind's Team until now, except the ACK. > > > Do you plan to fix this in you package ? > > > > > > > > > > Index: bin/named/unix/os.c > > > > > --- bin/named/unix/os.c.orig 2006-02-04 00:51:38 +0100 > > > > > +++ bin/named/unix/os.c 2008-05-02 17:25:33 +0200 > > > > > @@ -212,6 +212,11 @@ > > > > > caps |= (1 << CAP_SETGID); > > > > > > > > > > /* > > > > > + * Since we call chown, we need this. > > > > > + */ > > > > > + caps |= (1 << CAP_CHOWN); > > > > > + > > > > > + /* > > > > > * Without this, we run into problems reading a > > configuration file > > > > > * owned by a non-root user and non-world-readable on > > startup. > > > > > */ > > > > I thought the CAP_CHOWN patch was not sufficient to also solve your > > bind(2) problem. So if I apply this fix we would not gain a final > > solution, right? But if you can confirm that applying my CAP_CHOWN patch > > is sufficient I'm happy to include it into the OpenPKG "bind" package, > > of course. > > Be happy :-) The CAP_CHOWN patch _and_ a "chmod g+w /kolab/var/bind" > solved the problem. You have to estimate the chmod effect on the > security!
I checked, a g+w is still acceptable to me from a security point of view. I've updated the package: patch included, permissions adjusted. Thanks for your feedback. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com ______________________________________________________________________ OpenPKG http://openpkg.org User Communication List openpkg-users@openpkg.org