nsd 3.0.1 + chroot() = fail to write xfrdfile

Koh-ichi_Ito · September 26, 2006, 7:59am

Hello,

I found that nsd 3.0.1 invoked with -t option fails to write
xfrdfile at least exit time.

I guess that the reason is that the pathname of chroot()
jail is NOT striped from pathname of xfrdfile which is done
for dbfile and pidfile in server.c::server_init().

The following quick hack seems to fixes the problem.

*** nsd-3.0.1/server.c-dist Wed Aug 23 15:09:57 2006
--- nsd-3.0.1/server.c Tue Sep 26 16:50:08 2006

Wouter · September 26, 2006, 2:35pm

Hi Koh-ichi,

Thanks for the bugreport (bug #146). I have incorporated the patch into
NSD svn. Below my addition to the patch so the 'difffile:' entry also
works. Fix will be released in NSD 3.0.2.

Thanks for the fix,
Wouter

Koh-ichi Ito wrote:

Hello,

I found that nsd 3.0.1 invoked with -t option fails to write
xfrdfile at least exit time.

I guess that the reason is that the pathname of chroot()
jail is NOT striped from pathname of xfrdfile which is done
for dbfile and pidfile in server.c::server_init().

The following quick hack seems to fixes the problem.

*** nsd-3.0.1/server.c-dist Wed Aug 23 15:09:57 2006
--- nsd-3.0.1/server.c Tue Sep 26 16:50:08 2006
***************
*** 443,448 ****
--- 443,451 ----

                nsd->dbfile += l;
                nsd->pidfile += l;
+ if (nsd->options->xfrdfile) {
+ nsd->options->xfrdfile += l;
+ }

/* Insert here: */
if (nsd->options->difffile)
nsd->options->difffile += l;

Koh-ichi_Ito · September 27, 2006, 4:42am

Hello,

Excuse my carelessness. My fix was not enough.

I only examined my fix on the condition nsd.conf has
"xfrdfile:" entry. On this case, my fix works fine. But
without "xfrdfile:" entry, the value relies on the compile
time default. On this case, the assignment

if(!statefile)
statefile = XFRDFILE;

is done on xfrd-disk.c::xfrd_write_state(), so pathname of
chroot() jail is not stripped from XFRDFILE.

By the brute-force tactics, do same process on
xfrd_write_state() may help, but it may not elegant way.

Speak on DIFFFILE, the default value of "difffile:", the
assignment of default value is done on
options.c::nsd_options_create(), so it seems not to involved
the issue.

Regards,

Wouter · September 27, 2006, 5:55am

Hi Koh-ichi,

Yes you are right, I've treated xfrdfile like difffile is treated (in
nsd_options_create()). This saves work in other places. Changes are in
svn repository.

This then fixes chroot using default xfrdfile entry.

Best regards,
Wouter

Koh-ichi Ito wrote: