Bug 265994 - dns/bind918 auto_chrootdir minor race condition in startup script
Summary: dns/bind918 auto_chrootdir minor race condition in startup script
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Mathieu Arnold
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-22 23:06 UTC by Michael Sinatra
Modified: 2022-09-28 14:24 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (mat)


Attachments
startup script patch (1.23 KB, patch)
2022-08-22 23:38 UTC, Michael Sinatra
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Sinatra 2022-08-22 23:06:18 UTC
Hi,

In the latest version of dns/bind918 (and possibly dns/bind916), the rc.d/named startup script appears to have a minor race condition.  Upon being issued the 'start' command, it appears to first attempt to find the PID file location via the config.  However, if the config file and working dir actually exist inside a chroot environment, and the symlink from the chrooted environment doesn't exist (or the chrooted environment itself isn't fully set up), the attempt to find the PID file fails and causes the startup to error out.  This despite the fact that the chroot_autoupdate would have created the link, but is called *after* 'find_pidfile'.

In the diffs below, I have moved the existence check for 'named_chrootdir' and resulting calls of 'chroot_autoupdate' to the top of the 'named_prestart' function, ahead of 'find_pidfile'.  This works in my chrooted environment, and *ought* to work in non-chrooted environments, since it first checks for 'named_chrootdir' being defined; however, I have not actually tested it in all possible environments.

To replicate:

1. Define 'named_chrootdir' and enable named in /etc/rc.conf 
2. rm <confdir> (e.g. 'rm /usr/local/etc/namedb' IFF symlink is already present
3. 'service named start'



--- named.orig	2022-08-22 22:06:52.618190000 +0000
+++ named.fixed	2022-08-22 22:04:11.918203000 +0000
@@ -309,6 +309,25 @@

 named_prestart()
 {
+	# Is the user using a sandbox?
+	#
+	if [ -n "${named_chrootdir}" ]; then
+		rc_flags="${rc_flags} -t ${named_chrootdir}"
+		checkyesno named_chroot_autoupdate && chroot_autoupdate
+
+		case "${altlog_proglist}" in
+		  *named*)
+		    ;;
+		  *)
+		    warn 'Using chroot without setting altlog_proglist, logging may not'
+		    warn 'work correctly.  Run sysrc altlog_proglist+=named'
+		    ;;
+		esac
+	else
+		named_symlink_enable=NO
+	fi
+
+
 	find_pidfile
 	find_sessionkeyfile

@@ -333,24 +352,6 @@
 	command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"

 	local line nsip firstns
-
-	# Is the user using a sandbox?
-	#
-	if [ -n "${named_chrootdir}" ]; then
-		rc_flags="${rc_flags} -t ${named_chrootdir}"
-		checkyesno named_chroot_autoupdate && chroot_autoupdate
-
-		case "${altlog_proglist}" in
-		  *named*)
-		    ;;
-		  *)
-		    warn 'Using chroot without setting altlog_proglist, logging may not'
-		    warn 'work correctly.  Run sysrc altlog_proglist+=named'
-		    ;;
-		esac
-	else
-		named_symlink_enable=NO
-	fi

 	# Create an rndc.key file for the user if none exists
 	#
Comment 1 Michael Sinatra 2022-08-22 23:38:36 UTC
Created attachment 236069 [details]
startup script patch

Added the startup script patch as a separate attachment, if that helps.
Comment 2 commit-hook freebsd_committer freebsd_triage 2022-09-28 14:20:31 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=36ab384abd0413b0e3b9ef0c8e7f994eb03d456c

commit 36ab384abd0413b0e3b9ef0c8e7f994eb03d456c
Author:     Michael Sinatra <michael@burnttofu.net>
AuthorDate: 2022-09-28 14:17:27 +0000
Commit:     Mathieu Arnold <mat@FreeBSD.org>
CommitDate: 2022-09-28 14:19:36 +0000

    dns/bind9*: fix some race condition in rc script

    PR:             265994
    MFH:            yes

 dns/bind9-devel/Makefile       |  2 +-
 dns/bind9-devel/files/named.in | 36 ++++++++++++++++++------------------
 dns/bind916/Makefile           |  2 +-
 dns/bind916/files/named.in     | 36 ++++++++++++++++++------------------
 dns/bind918/Makefile           |  2 +-
 dns/bind918/files/named.in     | 36 ++++++++++++++++++------------------
 6 files changed, 57 insertions(+), 57 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-09-28 14:24:34 UTC
A commit in branch 2022Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=78b484ed5d37d51a6d20491b348c42b457265385

commit 78b484ed5d37d51a6d20491b348c42b457265385
Author:     Michael Sinatra <michael@burnttofu.net>
AuthorDate: 2022-09-28 14:17:27 +0000
Commit:     Mathieu Arnold <mat@FreeBSD.org>
CommitDate: 2022-09-28 14:23:54 +0000

    dns/bind9*: fix some race condition in rc script

    PR:             265994
    MFH:            yes
    (cherry picked from commit 36ab384abd0413b0e3b9ef0c8e7f994eb03d456c)

 dns/bind9-devel/Makefile       |  2 +-
 dns/bind9-devel/files/named.in | 36 ++++++++++++++++++------------------
 dns/bind916/Makefile           |  2 +-
 dns/bind916/files/named.in     | 36 ++++++++++++++++++------------------
 dns/bind918/Makefile           |  2 +-
 dns/bind918/files/named.in     | 36 ++++++++++++++++++------------------
 6 files changed, 57 insertions(+), 57 deletions(-)