Bug 758 - Unbound should test that auto-* files are writable
Unbound should test that auto-* files are writable
Product: unbound
Classification: Unclassified
Component: server
Other Linux
: P5 enhancement
Assigned To: unbound team
Depends on:
  Show dependency treegraph
Reported: 2016-04-27 11:16 CEST by Stéphane Bortzmeyer
Modified: 2016-04-28 09:23 CEST (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Stéphane Bortzmeyer 2016-04-27 11:16:03 CEST
I just launched Unbound 1.5.8 with:

	auto-trust-anchor-file: "/tmp/foobar/root.key"

with a root.key file which was writable only by root, not by the Unbound user. Unbound did not complain at all. It will probably fail when the new root key will be published.

In the light of a possible future root KSK rollover, it seems a possible problem. Many people rely (wrongly, IMHO) on RFC 5011 to make this rollover.

I suggest to test the writability of auto-* files at startup.
Comment 1 Wouter Wijngaards 2016-04-28 09:07:57 CEST
Hi Stephane,

But unbound does?  On the first query, it'll lookup the root key; then the root key file is written again and unbound fatal-exits when the root key is not writable.

Unbound writes to the root key file every time it probes the . DNSKEY query.

Best regards, Wouter
Comment 2 Stéphane Bortzmeyer 2016-04-28 09:23:54 CEST
Yes, sorry, I was too impatient. (Apparently, in some cases, Unbound does not test immdiately? I cannot reproduce it right now.)

[1461828051] unbound[30703:0] debug: autotrust: write to disk: /tmp/foobar/root.key.30703-0
[1461828051] unbound[30703:0] fatal error: could not open autotrust file for writing, /tmp/foobar/root.key.30703-0: Permission denied