NetBSD Problem Report #57442

From www@netbsd.org  Sat May 27 11:41:32 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 5D4801A9239
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 27 May 2023 11:41:32 +0000 (UTC)
Message-Id: <20230527114101.1F7481A9241@mollari.NetBSD.org>
Date: Sat, 27 May 2023 11:41:01 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: mdnsd(8) privilege separation is broken
X-Send-Pr-Version: www-1.0

>Number:         57442
>Category:       bin
>Synopsis:       mdnsd(8) privilege separation is broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    andvar
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 27 11:45:01 +0000 2023
>Closed-Date:    Sun May 28 19:44:37 +0000 2023
>Last-Modified:  Sun May 28 19:44:37 +0000 2023
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
The NetMDNSD Foundation
>Environment:
>Description:
We have a pseudo-user _mdnsd for the use of mdnsd(8), but mdnsd(8) doesn't use it -- instead it uses the user nobody, which isn't supposed to be used by anybody.  It appears to have been lost in a 2018 update among merge conflicts.
>How-To-Repeat:
$ service mdnsd onestart
$ ps axuwww | grep mdnsd
>Fix:
Yes, please!

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: bin-bug-people->andvar
Responsible-Changed-By: andvar@NetBSD.org
Responsible-Changed-When: Sat, 27 May 2023 16:47:16 +0000
Responsible-Changed-Why:
will reapply the patch for the _mdnsd user

From: "Andrius Varanavicius" <andvar@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57442 CVS commit: src/external/apache2/mDNSResponder/dist/mDNSPosix
Date: Sat, 27 May 2023 17:58:59 +0000

 Module Name:	src
 Committed By:	andvar
 Date:		Sat May 27 17:58:59 UTC 2023

 Modified Files:
 	src/external/apache2/mDNSResponder/dist/mDNSPosix: PosixDaemon.c

 Log Message:
 reapply changes for the built-in drop-privs support by tsarna.
 this commit doesn't reapply "dumping of the unicast server list
 to the DumpStateLog debugging output" enhancement.
 It doesn't build anymore, no idea how to rewrite.
 Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.


 To generate a diff of this commit:
 cvs rdiff -u -r1.14 -r1.15 \
     src/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->pending-pullups
State-Changed-By: andvar@NetBSD.org
State-Changed-When: Sat, 27 May 2023 18:18:06 +0000
State-Changed-Why:
pullups created 

From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57442 CVS commit: [netbsd-10] src/external/apache2/mDNSResponder/dist/mDNSPosix
Date: Sun, 28 May 2023 10:20:08 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Sun May 28 10:20:08 UTC 2023

 Modified Files:
 	src/external/apache2/mDNSResponder/dist/mDNSPosix [netbsd-10]:
 	    PosixDaemon.c

 Log Message:
 Pull up following revision(s) (requested by andvar in ticket #183):

 	external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c: revision 1.15

 reapply changes for the built-in drop-privs support by tsarna.

 this commit doesn't reapply "dumping of the unicast server list
 to the DumpStateLog debugging output" enhancement.
 It doesn't build anymore, no idea how to rewrite.

 Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.


 To generate a diff of this commit:
 cvs rdiff -u -r1.14 -r1.14.6.1 \
     src/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57442 CVS commit: [netbsd-9] src/external/apache2/mDNSResponder/dist/mDNSPosix
Date: Sun, 28 May 2023 10:21:16 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Sun May 28 10:21:15 UTC 2023

 Modified Files:
 	src/external/apache2/mDNSResponder/dist/mDNSPosix [netbsd-9]:
 	    PosixDaemon.c

 Log Message:
 Pull up following revision(s) (requested by andvar in ticket #1634):

 	external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c: revision 1.15

 reapply changes for the built-in drop-privs support by tsarna.

 this commit doesn't reapply "dumping of the unicast server list
 to the DumpStateLog debugging output" enhancement.
 It doesn't build anymore, no idea how to rewrite.

 Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.


 To generate a diff of this commit:
 cvs rdiff -u -r1.12.4.1 -r1.12.4.2 \
     src/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: andvar@NetBSD.org
State-Changed-When: Sun, 28 May 2023 19:44:37 +0000
State-Changed-Why:
pullups completed (thanks Martin)
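
Added example, not part of the PR or of NetBSD's code: a check in the spirit of the How-To-Repeat steps that reads "ps axuwww" output and reports any mdnsd process not running as _mdnsd. The function name check_daemon_user, the sample process lines and the BSD ps column layout are assumptions.

```shell
#!/bin/sh
# Added example: audit "ps axuwww"-style output for a daemon's effective user.
# Assumes the BSD "ps axu" column layout (USER first, PID second, COMMAND
# starting at field 11).

# check_daemon_user NAME EXPECTED_USER   (ps output on stdin)
# Returns 0 if every NAME process runs as EXPECTED_USER, 1 if any runs as
# another user (one line printed per offender), 2 if no NAME process is found.
check_daemon_user() {
    awk -v name="$1" -v want="$2" '
        NR == 1 && $1 == "USER" { next }      # skip the ps header line
        {
            cmd = $11
            sub(/^.*\//, "", cmd)             # basename of argv[0]
            if (cmd != name) next             # skips e.g. "grep mdnsd"
            found = 1
            if ($1 != want) {
                printf "%s pid %s runs as %s, expected %s\n", name, $2, $1, want
                bad = 1
            }
        }
        END { exit (bad ? 1 : (found ? 0 : 2)) }
    '
}

# Constructed sample output (not captured from a real system).
SAMPLE_BEFORE='USER    PID %CPU %MEM   VSZ  RSS TTY   STAT STARTED    TIME COMMAND
root      1  0.0  0.0 19852 1520 ?     Is   11:30AM 0:00.01 init
nobody  612  0.0  0.1 23456 2100 ?     Ss   11:41AM 0:00.02 /usr/sbin/mdnsd
user    640  0.0  0.0 18000  900 pts/0 S+   11:42AM 0:00.00 grep mdnsd'

SAMPLE_AFTER='USER    PID %CPU %MEM   VSZ  RSS TTY   STAT STARTED    TIME COMMAND
_mdnsd  612  0.0  0.1 23456 2100 ?     Ss   11:41AM 0:00.02 /usr/sbin/mdnsd'

printf '%s\n' "$SAMPLE_BEFORE" | check_daemon_user mdnsd _mdnsd || true
printf '%s\n' "$SAMPLE_AFTER"  | check_daemon_user mdnsd _mdnsd && echo "mdnsd: ok"

# Live use: ps axuwww | check_daemon_user mdnsd _mdnsd
```

Matching on the basename of the command field rather than piping through grep keeps the "grep mdnsd" process itself out of the result, and the distinct exit status for "not running" stops a stopped daemon from passing the check.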

>Unformatted:
