Wind River Support Network

Fixed

LIN5-4579 : named running as root

Created: May 7, 2013    Updated: Dec 19, 2017
Resolved Date: Jun 25, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.4, 5.0.1.5
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Networking

Description

The BIND daemon (named) should run as a non-root user for security reasons.
This was the case prior to WRL5, but it is no longer so.

It should also be run in a chroot jail.

Workaround

The start-up script can be modified, or named can be started manually with the desired options.
The user and the jail also need to be created manually.

Steps to Reproduce

$ configure --enable-board=qemux86 --enable-rootfs=glibc_std --enable-kernel=standard
$ make fs
$ make start-target

On the target:

# ps -ef | grep bind
root       492     1  0 15:22 ?        00:00:00 /usr/sbin/rpcbind

In previous versions of WRL it would run as user "named" and in a jail, as this example from WRL3 shows:

named    30790  0.0  0.0 167808 19868 ?        Ssl  15:04   0:00 /usr/sbin/named -u named -t /var/named/chroot
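
A check for the condition this defect describes, as an added example that is not part of the original report or Wind River's code: it reads a process listing and reports, for each named process, whether it runs as root and whether it was started with a chroot directory (-t). The function name audit_named, the verdict strings and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Wind River code. audit_named reads lines of the form
# "USER COMMAND [ARGS...]" on stdin, as printed by: ps -e -o user= -o args=
# For each named process it prints "<verdict> user=<user> chroot=<dir|none>".
# Exit status: 0 = every named process is confined, 1 = at least one is not,
# 2 = no named process found.
audit_named() {
    awk '
    {
        n = split($2, path, "/")
        if (path[n] != "named") next          # exact basename, so rpcbind is skipped
        found = 1
        jail = "none"
        for (i = 3; i < NF; i++)
            if ($i == "-t") jail = $(i + 1)   # -t <dir>: chroot directory
        verdict = "OK"
        if ($1 == "root" && jail == "none") verdict = "FAIL(root,no-chroot)"
        else if ($1 == "root")              verdict = "FAIL(root)"
        else if (jail == "none")            verdict = "FAIL(no-chroot)"
        if (verdict != "OK") bad = 1
        printf "%s user=%s chroot=%s\n", verdict, $1, jail
    }
    END { if (!found) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample input (user and args columns only), modelled on the
# behaviour this report describes for WRL5 and on its WRL3 listing.
SAMPLE_WRL5='root /usr/sbin/rpcbind
root /usr/sbin/named'
SAMPLE_WRL3='root /usr/sbin/rpcbind
named /usr/sbin/named -u named -t /var/named/chroot'

printf '%s\n' "$SAMPLE_WRL5" | audit_named || :
printf '%s\n' "$SAMPLE_WRL3" | audit_named || :
```

On a live target the same function can be fed with `ps -e -o user= -o args= | audit_named`, assuming the target's ps accepts those options.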
