Репозитории ALT
S: | 9.16.44-alt1 |
5.1: | 9.3.6-alt5 |
4.1: | 9.3.6-alt4.M41.2 |
+updates: | 9.3.6-alt4.M41.1 |
4.0: | 9.3.6-alt4.M41.1 |
+updates: | 9.3.6-alt4.M41.1 |
3.0: | 9.2.4.rel-alt2 |
Группа :: Система/Серверы
Пакет: bind
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: bind-9.3.6-openbsd-owl-chroot-defaults.patch
Скачать
Скачать
--- bind/bin/named/include/named/globals.h
+++ bind/bin/named/include/named/globals.h
@@ -101,7 +101,7 @@ EXTERN isc_resourcevalue_t ns_g_initopenfiles INIT(0);
* Misc.
*/
EXTERN isc_boolean_t ns_g_coreok INIT(ISC_TRUE);
-EXTERN const char * ns_g_chrootdir INIT(NULL);
+EXTERN const char * ns_g_chrootdir INIT("@ROOT@");
EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
@@ -111,7 +111,7 @@ EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
"/run/lwresd.pid");
EXTERN const char * ns_g_pidfile INIT(NS_LOCALSTATEDIR
"/run/named.pid");
-EXTERN const char * ns_g_username INIT(NULL);
+EXTERN const char * ns_g_username INIT("named");
EXTERN int ns_g_listen INIT(3);
--- bind/bin/named/named.8
+++ bind/bin/named/named.8
@@ -41,7 +41,7 @@ is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC.
.PP
When invoked without arguments,
\fBnamed\fR
-will read the default configuration file
+will \fBchroot()\fR to \fI@ROOT@\fR, read the default configuration file
\fI/etc/named.conf\fR, read any initial data, and listen for queries.
.SH "OPTIONS"
.PP
@@ -68,7 +68,7 @@ are mutually exclusive.
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
-\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
+\fI@ROOT@/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to a possible
\fBdirectory\fR
option in the configuration file,
\fIconfig\-file\fR
@@ -150,6 +150,7 @@ reserves some file descriptors for its internal use.
to
\fIdirectory\fR
after processing the command line arguments, but before reading the configuration file.
+By default, \fBnamed\fR \fBchroot()\fR's to \fI@ROOT@\fR.
.RS
.B "Warning:"
This option should be used in conjunction with the
@@ -166,6 +167,7 @@ is defined allows a process with root privileges to escape a chroot jail.
to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports.
+By default, \fBnamed\fR will run as user \fInamed\fR.
.RS
.B "Note:"
On Linux,