author | Patrick J Volkerding <volkerdi@slackware.com> | 2020-02-20 23:40:12 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-02-21 08:59:49 +0100 |
commit | 7ca677f34e2bc1408813c8cf7a22de78b8c8ff53 (patch) | |
tree | 24c67d046501bbfebb4c71da5b6ae6931abbb855 /source/n/bind/rc.bind | |
parent | 2ae63821ddbd9233bed2d74d4b138ca7e5a684bd (diff) | |
download | current-7ca677f34e2bc1408813c8cf7a22de78b8c8ff53.tar.gz |
Thu Feb 20 23:40:12 UTC 2020 20200220234012
a/ed-1.16-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.14-x86_64-3.txz: Rebuilt.
Rebuilt to add wayland backend.
l/libuv-1.34.2-x86_64-1.txz: Added.
This is needed by bind-9.16.0.
l/qt5-5.13.2-x86_64-2.txz: Rebuilt.
Rebuilt to add wayland support.
Use the system ffmpeg, not the bundled one.
n/bind-9.16.0-x86_64-1.txz: Upgraded.
rc.bind: don't change file ownerships in /var/named. Thanks to voegelas.
n/proftpd-1.3.6c-x86_64-1.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security fix *)
x/libinput-1.15.2-x86_64-1.txz: Upgraded.
x/xkbcomp-1.4.3-x86_64-1.txz: Upgraded.
testing/packages/PAM/proftpd-1.3.6c-x86_64-1_pam.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security fix *)
Diffstat (limited to 'source/n/bind/rc.bind')
-rw-r--r-- | source/n/bind/rc.bind | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/source/n/bind/rc.bind b/source/n/bind/rc.bind index d58dc1e3..91ff8ce1 100644 --- a/source/n/bind/rc.bind +++ b/source/n/bind/rc.bind @@ -1,7 +1,7 @@ #!/bin/sh # Start/stop/restart the BIND name server daemon (named). -# Start bind. In the past it was more secure to run BIND as a non-root +# Start BIND. In the past it was more secure to run BIND as a non-root # user (for example, with '-u daemon'), but the modern version of BIND # knows how to use the kernel's capability mechanism to drop all root # privileges except the ability to bind() to a privileged port and set @@ -10,6 +10,10 @@ # can be set like this in /etc/default/named: # NAMED_OPTIONS="-u daemon" # So you will not have to edit this script. +# +# Please note that if you run BIND as a non-root user, your files in +# /var/named may need to be chowned to this user or else named will +# refuse to start. # You might also consider running BIND in a "chroot jail", # a discussion of which may be found in @@ -53,14 +57,15 @@ find_bind_user() { # running or you'll get more than one copy running. bind_start() { # If we are running as a non-root user, we'll need to be sure that - # /var/run/named exists, and /var/run/named and /var/named are - # chowned properly to that user: + # /var/run/named exists, and /var/run/named is chowned properly to + # that user. Your files in /var/named may need to be chowned as + # well, but that will be up to the sysadmin to do. BIND_USER="$(find_bind_user)" if [ ! "$BIND_USER" = "root" ]; then mkdir -p /var/run/named - chown -R $BIND_USER /var/run/named /var/named + chown -R $BIND_USER /var/run/named else # prevent error if switching back to running as root: - chown -R root /var/run/named /var/named + chown -R root /var/run/named fi if [ -x /usr/sbin/named ]; then echo "Starting BIND: /usr/sbin/named $NAMED_OPTIONS" |
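Review bot: the header comment added in the `@@ -10,6 +10,10 @@` hunk says files in /var/named "may need to be chowned to this user" but does not say that rc.bind used to do this itself and no longer does. An admin who already runs with `NAMED_OPTIONS="-u daemon"` and relied on the old `chown -R $BIND_USER /var/run/named /var/named` gets no hint that the behaviour changed. Suggest stating that explicitly in the comment, and naming the user as the one passed with `-u` in NAMED_OPTIONS so the instruction is unambiguous.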
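Review bot: in the `bind_start()` hunk (`@@ -53,14 +57,15 @@`), the else branch now runs only `chown -R root /var/run/named`, so a system that previously started named through this script as a non-root user keeps /var/named owned by that user after switching back to root, and nothing in the comments tells the sysadmin to reverse it. The new comment covers the non-root direction only; suggest extending it (or the "prevent error if switching back" comment) to say that ownership of /var/named is left as found in both directions. Separately, `$BIND_USER` is unquoted in `chown -R $BIND_USER /var/run/named` although it is quoted in the test on the line above; since the value is derived from NAMED_OPTIONS, `"$BIND_USER"` would be safer. The else branch also has no `mkdir -p`, so its chown reports an error when /var/run/named does not exist; moving `mkdir -p /var/run/named` above the `if` would cover both branches.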