NetBSD Problem Report #57442
From www@netbsd.org Sat May 27 11:41:32 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 5D4801A9239
for <gnats-bugs@gnats.NetBSD.org>; Sat, 27 May 2023 11:41:32 +0000 (UTC)
Message-Id: <20230527114101.1F7481A9241@mollari.NetBSD.org>
Date: Sat, 27 May 2023 11:41:01 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: mdnsd(8) privilege separation is broken
X-Send-Pr-Version: www-1.0
>Number: 57442
>Category: bin
>Synopsis: mdnsd(8) privilege separation is broken
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: andvar
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat May 27 11:45:01 +0000 2023
>Closed-Date: Sun May 28 19:44:37 +0000 2023
>Last-Modified: Sun May 28 19:44:37 +0000 2023
>Originator: Taylor R Campbell
>Release: current
>Organization:
The NetMDNSD Foundation
>Environment:
>Description:
We have a pseudo-user _mdnsd for the use of mdnsd(8), but mdnsd(8) doesn't use it -- instead it uses the user nobody, which isn't supposed to be used by anybody. It appears to have been lost in a 2018 update among merge conflicts.
>How-To-Repeat:
$ service mdnsd onestart
$ ps axuwww | grep mdnsd
>Fix:
Yes, please!
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: bin-bug-people->andvar
Responsible-Changed-By: andvar@NetBSD.org
Responsible-Changed-When: Sat, 27 May 2023 16:47:16 +0000
Responsible-Changed-Why:
will reapply the patch for the _mdnsd user
From: "Andrius Varanavicius" <andvar@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57442 CVS commit: src/external/apache2/mDNSResponder/dist/mDNSPosix
Date: Sat, 27 May 2023 17:58:59 +0000
Module Name: src
Committed By: andvar
Date: Sat May 27 17:58:59 UTC 2023
Modified Files:
src/external/apache2/mDNSResponder/dist/mDNSPosix: PosixDaemon.c
Log Message:
reapply changes for the built-in drop-privs support by tsarna.
this commit doesn't reapply "dumping of the unicast server list
to the DumpStateLog debugging output" enhancement.
It doesn't build anymore, no idea how to rewrite.
Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 \
src/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->pending-pullups
State-Changed-By: andvar@NetBSD.org
State-Changed-When: Sat, 27 May 2023 18:18:06 +0000
State-Changed-Why:
pullups created
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57442 CVS commit: [netbsd-10] src/external/apache2/mDNSResponder/dist/mDNSPosix
Date: Sun, 28 May 2023 10:20:08 +0000
Module Name: src
Committed By: martin
Date: Sun May 28 10:20:08 UTC 2023
Modified Files:
src/external/apache2/mDNSResponder/dist/mDNSPosix [netbsd-10]:
PosixDaemon.c
Log Message:
Pull up following revision(s) (requested by andvar in ticket #183):
external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c: revision 1.15
reapply changes for the built-in drop-privs support by tsarna.
this commit doesn't reapply "dumping of the unicast server list
to the DumpStateLog debugging output" enhancement.
It doesn't build anymore, no idea how to rewrite.
Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.14.6.1 \
src/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57442 CVS commit: [netbsd-9] src/external/apache2/mDNSResponder/dist/mDNSPosix
Date: Sun, 28 May 2023 10:21:16 +0000
Module Name: src
Committed By: martin
Date: Sun May 28 10:21:15 UTC 2023
Modified Files:
src/external/apache2/mDNSResponder/dist/mDNSPosix [netbsd-9]:
PosixDaemon.c
Log Message:
Pull up following revision(s) (requested by andvar in ticket #1634):
external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c: revision 1.15
reapply changes for the built-in drop-privs support by tsarna.
this commit doesn't reapply "dumping of the unicast server list
to the DumpStateLog debugging output" enhancement.
It doesn't build anymore, no idea how to rewrite.
Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.
To generate a diff of this commit:
cvs rdiff -u -r1.12.4.1 -r1.12.4.2 \
src/external/apache2/mDNSResponder/dist/mDNSPosix/PosixDaemon.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: andvar@NetBSD.org
State-Changed-When: Sun, 28 May 2023 19:44:37 +0000
State-Changed-Why:
pullups completed (thanks Martin)
>Unformatted:
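An added example, not part of the problem report or of NetBSD's code: the How-To-Repeat check as a script that reads `ps axuwww`-style output and reports whether the daemon runs under its dedicated account rather than `nobody`. The helper name `check_daemon_user`, the 11-column layout it assumes, and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): verify the account a daemon runs under.
# Assumes BSD "u" format: USER PID %CPU %MEM VSZ RSS TTY STAT STARTED TIME COMMAND.
# Real use: ps axuwww | check_daemon_user mdnsd _mdnsd

# check_daemon_user DAEMON EXPECTED_USER  (hypothetical helper; reads ps output on stdin)
# Exit status: 0 = every instance runs as EXPECTED_USER, 1 = mismatch, 2 = not running.
check_daemon_user() {
    awk -v d="$1" -v want="$2" '
        $1 == "USER" && $2 == "PID" { next }       # header row
        {
            cmd = $11                              # first word of COMMAND
            sub(/^.*\//, "", cmd)                  # /usr/sbin/mdnsd -> mdnsd
            sub(/:$/, "", cmd)                     # "mdnsd: ..." process titles
            if (cmd != d) next                     # skips "grep mdnsd" and the like
            found = 1
            if ($1 == want) {
                printf "OK   pid %s runs as %s\n", $2, $1
            } else {
                bad = 1
                printf "FAIL pid %s runs as %s, expected %s\n", $2, $1, want
            }
        }
        END {
            if (!found) { print "NOTFOUND " d; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample listings (not captured from a real system).
SAMPLE_BROKEN='USER    PID %CPU %MEM   VSZ  RSS TTY   STAT STARTED    TIME COMMAND
nobody  412  0.0  0.1 21000 2500 ?     Ss   11:41AM 0:00.01 /usr/sbin/mdnsd
alice   977  0.0  0.0 12000 1100 pts/0 S+   11:42AM 0:00.00 grep mdnsd'

SAMPLE_FIXED='USER    PID %CPU %MEM   VSZ  RSS TTY   STAT STARTED    TIME COMMAND
_mdnsd  412  0.0  0.1 21000 2500 ?     Ss   11:41AM 0:00.01 /usr/sbin/mdnsd'

# Demonstration on the constructed listings; a non-zero status is printed, not fatal.
printf '%s\n' "$SAMPLE_BROKEN" | check_daemon_user mdnsd _mdnsd || echo "status $?"
printf '%s\n' "$SAMPLE_FIXED"  | check_daemon_user mdnsd _mdnsd || echo "status $?"
```

Matching on the command's basename instead of grepping the whole line keeps the `grep mdnsd` process itself out of the result.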