[Bug 265994] dns/bind918 auto_chrootdir minor race condition in startup script

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 22 Aug 2022 23:06:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265994

            Bug ID: 265994
           Summary: dns/bind918 auto_chrootdir minor race condition in
                    startup script
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: mat@FreeBSD.org
          Reporter: michael@burnttofu.net
             Flags: maintainer-feedback?(mat@FreeBSD.org)

Hi,

In the latest version of dns/bind918 (and possibly dns/bind916), the rc.d/named
startup script appears to have a minor race condition.  Upon being issued the
'start' command, it appears to first attempt to find the PID file location via
the config.  However, if the config file and working dir actually exist inside
a chroot environment, and the symlink from the chrooted environment doesn't
exist (or the chrooted environment itself isn't fully set up), the attempt to
find the PID file fails and causes the startup to error out.  This despite the
fact that the chroot_autoupdate would have created the link, but is called
*after* 'find_pidfile'.

In the diffs below, I have moved the existence check for 'named_chrootdir' and
resulting calls of 'chroot_autoupdate' to the top of the 'named_prestart'
function, ahead of 'find_pidfile'.  This works in my chrooted environment, and
*ought* to work in non-chrooted environments, since it first checks for
'named_chrootdir' being defined; however, I have not actually tested it in all
possible environments.

To replicate:

1. Define 'named_chrootdir' and enable named in /etc/rc.conf 
2. rm <confdir> (e.g. 'rm /usr/local/etc/namedb' IFF symlink is already present)
3. 'service named start'



--- named.orig  2022-08-22 22:06:52.618190000 +0000
+++ named.fixed 2022-08-22 22:04:11.918203000 +0000
@@ -309,6 +309,25 @@

 named_prestart()
 {
+       # Is the user using a sandbox?
+       #
+       if [ -n "${named_chrootdir}" ]; then
+               rc_flags="${rc_flags} -t ${named_chrootdir}"
+               checkyesno named_chroot_autoupdate && chroot_autoupdate
+
+               case "${altlog_proglist}" in
+                 *named*)
+                   ;;
+                 *)
+                   warn 'Using chroot without setting altlog_proglist, logging
may not'
+                   warn 'work correctly.  Run sysrc altlog_proglist+=named'
+                   ;;
+               esac
+       else
+               named_symlink_enable=NO
+       fi
+
+
        find_pidfile
        find_sessionkeyfile

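Review bot: the relocated chroot block at the top of named_prestart carries no comment saying it has to run before find_pidfile, so a later cleanup could move it back down and reintroduce the failure. Extend the existing "# Is the user using a sandbox?" comment to state that chroot_autoupdate creates the symlink find_pidfile needs. The else branch now sets named_symlink_enable=NO ahead of find_pidfile and find_sessionkeyfile too, and the report says only a chrooted setup was tested, so a run with named_chrootdir unset is worth doing before commit. The added block also ends in two blank lines where one would do.
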
@@ -333,24 +352,6 @@
        command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"

        local line nsip firstns
-
-       # Is the user using a sandbox?
-       #
-       if [ -n "${named_chrootdir}" ]; then
-               rc_flags="${rc_flags} -t ${named_chrootdir}"
-               checkyesno named_chroot_autoupdate && chroot_autoupdate
-
-               case "${altlog_proglist}" in
-                 *named*)
-                   ;;
-                 *)
-                   warn 'Using chroot without setting altlog_proglist, logging
may not'
-                   warn 'work correctly.  Run sysrc altlog_proglist+=named'
-                   ;;
-               esac
-       else
-               named_symlink_enable=NO
-       fi

        # Create an rndc.key file for the user if none exists
        #

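Review bot: with the block removed from this position, the part of named_prestart between find_sessionkeyfile and the "local line nsip firstns" line (not shown in the diff) now runs with "-t ${named_chrootdir}" already appended to rc_flags and with chroot_autoupdate already done; please confirm nothing there assumed the old order. Separately, the first warn line is wrapped across two lines in this mail ("logging" / "may not'") in both hunks, so the patch is unlikely to apply cleanly as pasted; attaching it to the bug rather than pasting it inline would avoid that.
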