From nobody Mon Aug 22 23:06:18 2022 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MBSf26NjCz4Zvk8 for ; Mon, 22 Aug 2022 23:06:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MBSf25MWHz3ygf for ; Mon, 22 Aug 2022 23:06:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MBSf24KTcz16h4 for ; Mon, 22 Aug 2022 23:06:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 27MN6I0q093757 for ; Mon, 22 Aug 2022 23:06:18 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 27MN6IST093756 for ports-bugs@FreeBSD.org; Mon, 22 Aug 2022 23:06:18 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 265994] dns/bind918 auto_chrootdir minor race condition in startup script Date: Mon, 22 Aug 2022 23:06:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: michael@burnttofu.net X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: mat@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1661209578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LenBt5Nzeg5aOeofHfv4ZVPQMB3raRzdxe4uNRqRgaU=; b=L8XpzMtBTvJzRrJ6q/BtTZQj//TmTp89bLL68xWMu11XqrUOheqxvUjYdkxsNk0yVE8iAA Ylc/uxoHtSzu1FYlwNLI7UR6+bkEC+uOY488vC1v3NrvOzLfnEo5p5GEpEhsc0QdZGedsJ 1+SvvGUEeBZNydaFchlLql72Vk4IDS4YrwadduUBnTEk561a9Nvwu2lCKGkD5rVbRUQCr4 xqprGHteMpXdD5ETh0/Kuko7J9WWfTroBAuHGCwPqLbSdRpmAV/r83QY87sg2TO6VCBgkV ABfL2/mg4AKxBWpW4SqF9HZiQZ2JtnpoAW9SVR0fl4Z91MVBO3J0Vobh2mG+GQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1661209578; a=rsa-sha256; cv=none; b=Nk/NtOd/Nu4YKgaChj7Bpis1vUsoYyqBDUqMYnLnhSDhgYQKaP5kNAzEfjxGJzJGenB3sH lD50eG1NapVWTt8BJNhHKp8ykHyh0dsOJ27TxApI/0M7trJkOnDC0eYMVg9vUNzsmKmLjC bPp2IRQVTC9lj4n3RYKuAD9cbGuTrkmXEppy21uuzkmFqdxDoDOfFt/rfyWfnzG4T1662w SqTWLmVDPGOMfcFvL5KULq64+BVpfO5OTtQ4wf4J15tU9OVhkBVHL7DOnFgf7fN68itUTN 4/E45Dunylz8nyvHr8DEElWHzSR3vArxIrcMITVhGxynDm5HGABKhNjfgRIz0w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D265994 Bug ID: 265994 Summary: dns/bind918 auto_chrootdir minor race condition in startup script Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: mat@FreeBSD.org Reporter: michael@burnttofu.net Assignee: mat@FreeBSD.org Flags: maintainer-feedback?(mat@FreeBSD.org) Hi, In the latest version of dns/bind918 (and possibly dns/bind916), the rc.d/n= amed startup script appears to have a minor race condition. Upon being issued t= he 'start' command, it appears to first attempt to find the PID file location = via the config. However, if the config file and working dir actually exist ins= ide a chroot environment, and the symlink from the chrooted environment doesn't exist (or the chrooted environment itself isn't fully set up), the attempt = to find the PID file fails and causes the startup to error out. This despite = the fact that the chroot_autoupdate would have created the link, but is called *after* 'find_pidfile'. In the diffs below, I have moved the existence check for 'named_chrootdir' = and resulting calls of 'chroot_autoupdate' to the top of the 'named_prestart' function, ahead of 'find_pidfile'. This works in my chrooted environment, = and *ought* to work in non-chrooted environments, since it first checks for 'named_chrootdir' being defined; however, I have not actually tested it in = all possible environments. To replicate: 1. Define 'named_chrootdir' and enable named in /etc/rc.conf=20 2. rm (e.g. 'rm /usr/local/etc/namedb' IFF symlink is already pre= sent 3. 'service named start' --- named.orig 2022-08-22 22:06:52.618190000 +0000 +++ named.fixed 2022-08-22 22:04:11.918203000 +0000 @@ -309,6 +309,25 @@ named_prestart() { + # Is the user using a sandbox? + # + if [ -n "${named_chrootdir}" ]; then + rc_flags=3D"${rc_flags} -t ${named_chrootdir}" + checkyesno named_chroot_autoupdate && chroot_autoupdate + + case "${altlog_proglist}" in + *named*) + ;; + *) + warn 'Using chroot without setting altlog_proglist, log= ging may not' + warn 'work correctly. Run sysrc altlog_proglist+=3Dnam= ed' + ;; + esac + else + named_symlink_enable=3DNO + fi + + find_pidfile find_sessionkeyfile @@ -333,24 +352,6 @@ command_args=3D"-u ${named_uid:=3Droot} -c ${named_conf} ${command_= args}" local line nsip firstns - - # Is the user using a sandbox? - # - if [ -n "${named_chrootdir}" ]; then - rc_flags=3D"${rc_flags} -t ${named_chrootdir}" - checkyesno named_chroot_autoupdate && chroot_autoupdate - - case "${altlog_proglist}" in - *named*) - ;; - *) - warn 'Using chroot without setting altlog_proglist, log= ging may not' - warn 'work correctly. Run sysrc altlog_proglist+=3Dnam= ed' - ;; - esac - else - named_symlink_enable=3DNO - fi # Create an rndc.key file for the user if none exists # --=20 You are receiving this mail because: You are the assignee for the bug.=