authorMartin Stransky <stransky@fedoraproject.org>2006-11-21 16:33:52 +0000
committerMartin Stransky <stransky@fedoraproject.org>2006-11-21 16:33:52 +0000
commit2dcae4b10529b1de26f8b089cac36e657f7b2cb1 (patch)
treed34a3c61a3016cf25cb2f944f4fa6102548a41c9
parent3a49122da1b24f6f90fb069a17b8667bfcd9018f (diff)
fix for #216185: bind-chroot-admin able to change root mode 750
-rw-r--r--bind-chroot-admin.in24
-rw-r--r--bind.spec1
2 files changed, 13 insertions, 12 deletions
diff --git a/bind-chroot-admin.in b/bind-chroot-admin.in
index bdd4a1d..fc87221 100644
--- a/bind-chroot-admin.in
+++ b/bind-chroot-admin.in
@@ -78,24 +78,24 @@ function check_dirs()
/bin/chmod 0640 /etc/sysconfig/named;
fi
/bin/mkdir -p ${BIND_DIR}/{slaves,data};
- /bin/chown root:named ${BIND_DIR};
- /bin/chown named:named ${BIND_DIR}/{slaves,data};
- /bin/chmod 750 ${BIND_DIR}
- /bin/chmod 770 ${BIND_DIR}/{slaves,data};
+ /bin/chown --preserve-root root:named ${BIND_DIR};
+ /bin/chown --preserve-root named:named ${BIND_DIR}/{slaves,data};
+ /bin/chmod --preserve-root 750 ${BIND_DIR}
+ /bin/chmod --preserve-root 770 ${BIND_DIR}/{slaves,data};
mkdir -p ${BIND_CHROOT_PREFIX}/{etc,dev,var/{run/named,named/{slaves,data}}};
- /bin/chown root:named ${BIND_CHROOT_PREFIX}/{etc,dev,var/{run,named/}};
- /bin/chown root:named ${BIND_CHROOT_PREFIX}/var;
- /bin/chmod 750 ${BIND_CHROOT_PREFIX}/{,etc,dev,var,var/{run,named/}};
- /bin/chown named:named ${BIND_CHROOT_PREFIX}/var/{run/named,named/{data,slaves}};
- /bin/chmod 770 ${BIND_CHROOT_PREFIX}/var/{run/named,named/{slaves,data}};
+ /bin/chown --preserve-root root:named ${BIND_CHROOT_PREFIX}/{etc,dev,var/{run,named/}};
+ /bin/chown --preserve-root root:named ${BIND_CHROOT_PREFIX}/var;
+ /bin/chmod --preserve-root 750 ${BIND_CHROOT_PREFIX}/{,etc,dev,var,var/{run,named/}};
+ /bin/chown --preserve-root named:named ${BIND_CHROOT_PREFIX}/var/{run/named,named/{data,slaves}};
+ /bin/chmod --preserve-root 770 ${BIND_CHROOT_PREFIX}/var/{run/named,named/{slaves,data}};
[ ! -e "${BIND_CHROOT_PREFIX}/dev/random" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/random" c 1 8
[ ! -e "${BIND_CHROOT_PREFIX}/dev/zero" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/zero" c 1 5
[ ! -e "${BIND_CHROOT_PREFIX}/dev/null" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/null" c 1 3
[ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] && [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime";
- chown root:named "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
- chmod 660 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
+ /bin/chown --preserve-root root:named "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
+ /bin/chmod --preserve-root 660 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero};
if selinux_enabled && [ -x /usr/bin/chcon ]; then
for dev in random zero null; do
/usr/bin/chcon --reference=/dev/$dev ${BIND_CHROOT_PREFIX}/dev/$dev;
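Review bot: `--preserve-root` on the new `/bin/chown` and `/bin/chmod` lines is unlikely to stop the reported change to `/`, because GNU coreutils documents that option as refusing only recursive operation on `/`, and none of these calls pass `-R`. If `${BIND_CHROOT_PREFIX}` is ever empty (presumably how #216185 arose), `${BIND_CHROOT_PREFIX}/{,etc,dev,var,var/{run,named/}}` still expands to `/`, `/etc`, `/dev`, `/var`, `/var/run` and `/var/named/`, and the host directories get mode 750 and group `named` regardless. A guard before the first chown would fail closed instead: `[ -n "${BIND_CHROOT_PREFIX}" ] && [ "${BIND_CHROOT_PREFIX}" != "/" ] || return 1;`, with the same emptiness check for `${BIND_DIR}`. Quoting the expansions the way the `dev/{random,null,zero}` lines already do would also help. check_dirs starts and ends outside this hunk, so an existing check earlier in the function cannot be ruled out.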
@@ -321,4 +321,4 @@ case $1 in
*)
usage;
exit 1;
-esac
\ No newline at end of file
+esac
diff --git a/bind.spec b/bind.spec
index 11eff4b..1a372b0 100644
--- a/bind.spec
+++ b/bind.spec
@@ -779,6 +779,7 @@ rm -rf ${RPM_BUILD_ROOT}
* Fri Nov 21 2006 Martin Stransky <stransky@redhat.com> - 31:9.3.3-0.1.rc3
- added back an interval to restart
- renamed package, it should meet the N-V-R criteria
+- fix for #216185: bind-chroot-admin able to change root mode 750
* Mon Oct 30 2006 Martin Stransky <stransky@redhat.com> - 30:9.3.3-6
- fix for #200465: named-checkzone and co. cannot be run as non-root user