[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Uwe Gansert ug at suse.de
Thu Jun 19 16:05:31 BST 2008


On Thursday 19 June 2008, Simon Kelley wrote:

> > our security team did a review of the dnsmasq package in openSUSE.
> > This bug: https://bugzilla.novell.com/show_bug.cgi?id=401650 is maybe
> > worth a discussion here.
>
> Hmm, can't get at that without a login, are there any other interesting
> conclusions about dnsmasq security from the review?

just two issues. Running as user "nobody" is not a good idea and being in 
group "dialout" too - might be openSUSE specific.

> > Quote: dnsmasq runs as root if the call to setcap() fails. For
>
> I'd be interested in opinions on this. Clearly, I think the current
> behaviour is good, since I coded it that way, but I'm willing to be
> persuaded otherwise. It's worth noting that in these
> circumstances (ie lack of suitable capability support) dnsmasq logs a very
> explicit warning:
>
> dnsmasq: warning: setting capabilities failed: <error>
> dnsmasq: running as root.

I have the same opinion as our security team.
In case the capset fails, the fallback should be to the safe side 
(terminating dnsmasq) and not to the more dangerous side (running as root).
A not so experienced administrator might run it as root then without 
noticing but even the least experienced administrator would notice if it 
does not run at all :) Then the admin can decide how to fix it. Force 
dnsmasq to run as root via config or fix the broken capability support on 
his system.
Maybe dnsmasq could terminate then with a message that capabilities don't 
work and the daemon has to run as root, with a description of how to 
configure it in dnsmasq.conf

-- 
ciao, Uwe Gansert

Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Business: http://www.suse.de/~ug
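
The fail-closed fallback argued for in the message above, as an added C example that is not dnsmasq's code and not part of the original post. The `allow_root` setting and the functions `decide_startup` and `verify_dropped` are hypothetical names; the capability call's result is passed in as a constructed value.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum startup { RUN_UNPRIVILEGED, RUN_AS_ROOT_BY_CONFIG, REFUSE_TO_START };

/* Hypothetical setting: 1 only if the admin explicitly opted in to root. */
struct policy { int allow_root; };

/* cap_rc/cap_errno: result of the capability-retention call made before
 * switching user. A failure never silently keeps root. */
enum startup decide_startup(int cap_rc, int cap_errno,
                            const struct policy *p, char *msg, size_t len)
{
    if (cap_rc == 0) {
        snprintf(msg, len, "capabilities set, dropping to unprivileged user");
        return RUN_UNPRIVILEGED;
    }
    if (p->allow_root) {
        snprintf(msg, len, "warning: setting capabilities failed: %s; "
                 "running as root as configured", strerror(cap_errno));
        return RUN_AS_ROOT_BY_CONFIG;
    }
    snprintf(msg, len, "setting capabilities failed: %s; refusing to run as "
             "root (fix capability support or opt in via configuration)",
             strerror(cap_errno));
    return REFUSE_TO_START;
}

/* After a drop, confirm it took effect: no root ids and root not regainable.
 * Returns 0 when the process is verifiably unprivileged, -1 otherwise. */
int verify_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return -1;
    if (setuid(0) == 0)   /* must fail for a properly dropped process */
        return -1;
    return 0;
}

int main(void)
{
    char msg[256];
    struct policy p = { 0 };               /* constructed: no opt-in */
    enum startup s = decide_startup(-1, EPERM, &p, msg, sizeof msg);
    fprintf(stderr, "dnsmasq-example: %s\n", msg);
    return s == REFUSE_TO_START ? 1 : 0;
}
```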


