View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008079||Kali Linux||Kali Package Bug||public||2022-12-03 00:34||2023-02-16 04:23|
|Summary||0008079: The DNS server "named" (from the bind9) package crashes with the following error message:|
|Steps To Reproduce|
Install package "bind9":
$ sudo apt install bind9
Start named (either via systemctl service or directly from the command line):
$ sudo systemctl start named
The reason for the crash is that named is not allowed to read Kali's OpenSSL configuration at /etc/ssl/kali.cnf which is included by /etc/ssl/openssl.cnf, as the following strace output shows:
This is due to the file /etc/ssl/kali.cnf not being included in the Apparmor policy /etc/apparmor.d/usr.sbin.named which is shipped as part of the "bind9" package.
Adding a line like "/etc/ssl/kali.cnf r," to the Apparmor policy fixes the issue.
Thanks for the excellent bug report!
I opened an issue on the Debian bug tracker, to see if the bind9 maintainers would be willing to relax the apparmor profile for named: https://bugs.debian.org/1025519.
This is solved in package bind9 version 9.18.10-2, in Debian. The package didn't reach Kali yet.
The package bind9 9.18.10-2 is now in kali-rolling, so the issue is solved with:
|2022-12-03 00:34||jojonas||New Issue|
|2022-12-03 00:35||jojonas||Note Added: 0017121|
|2022-12-06 07:37||arnaudr||Note Added: 0017148|
|2022-12-06 07:37||arnaudr||Assigned To||=> arnaudr|
|2022-12-06 07:37||arnaudr||Status||new => assigned|
|2022-12-27 03:06||arnaudr||Note Added: 0017284|
|2023-01-17 15:43||arnaudr||Note Added: 0017403|
|2023-01-17 15:44||arnaudr||Status||assigned => resolved|
|2023-01-17 15:44||arnaudr||Resolution||open => fixed|