[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Uwe Gansert
ug at suse.de
Thu Jun 19 16:05:31 BST 2008
On Thursday 19 June 2008, Simon Kelley wrote:
> > our security team did a review of the dnsmasq package in openSUSE.
> > This bug: https://bugzilla.novell.com/show_bug.cgi?id=401650 is maybe
> > worth a discussion here.
>
> Hmm, can't get at that without a login, are there any other interesting
> conclusions about dnsmasq security from the review?
Just two issues. Running as user "nobody" is not a good idea and being in
group "dialout" too - might be openSUSE specific.
> > Quote: dnsmasq runs as root if the call to setcap() fails. For
>
> I'd be interested in opinions on this. Clearly, I think the current
> behaviour is good, since I coded it that way, but I'm willing to be
> persuaded otherwise. It's worth noting that in these
> circumstances (ie lack of suitable capability support) dnsmasq logs a very
> explicit warning:
>
> dnsmasq: warning: setting capabilities failed: <error>
> dnsmasq: running as root.
I have the same opinion as our security team.
In case the capset fails, the fallback should be to the safe side
(terminating dnsmasq) and not to the more dangerous side (running as root).
A not so experienced administrator might run it as root then without
noticing but even the least experienced administrator would notice if it
does not run at all :) Then the admin can decide how to fix it. Force
dnsmasq to run as root via config or fix the broken capability support on
his system.
Maybe dnsmasq could terminate then with a message that capabilities don't
work and the daemon has to run as root, with a description of how to
configure it in dnsmasq.conf.
--
ciao, Uwe Gansert
Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Business: http://www.suse.de/~ug
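
The fail-closed start-up behaviour proposed in this message, as an added example that is not part of the original post and is not dnsmasq's code. Every name in it (decide_start, allow_root, the step_ok/step_fail stand-ins for the real capability and user-change calls) is hypothetical, and the messages are constructed.

```c
/* Added example: fail-closed start-up policy; all names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum start_action { START_UNPRIVILEGED, START_AS_ROOT, START_ABORT };

/* Privilege-drop step: 0 on success, -1 with errno set, like capset(2). */
typedef int (*drop_fn)(void);

/* Constructed stand-ins for the real calls, so both paths can be exercised. */
static int step_ok(void)   { return 0; }
static int step_fail(void) { errno = EPERM; return -1; }

/* allow_root models an explicit opt-in set by the admin in the config file. */
enum start_action decide_start(drop_fn set_caps, drop_fn change_user,
                               int allow_root, char *msg, size_t len)
{
    if (set_caps() != 0) {
        int err = errno;
        if (allow_root) {
            snprintf(msg, len, "warning: setting capabilities failed: %s; "
                     "running as root as configured", strerror(err));
            return START_AS_ROOT;
        }
        snprintf(msg, len, "setting capabilities failed: %s; not starting. "
                 "Fix capability support or explicitly allow running as root "
                 "in the configuration", strerror(err));
        return START_ABORT;   /* safe side: do not run at all */
    }
    if (change_user() != 0) {
        snprintf(msg, len, "changing user failed: %s; not starting",
                 strerror(errno));
        return START_ABORT;   /* never stay root after a failed user change */
    }
    snprintf(msg, len, "capabilities set, running unprivileged");
    return START_UNPRIVILEGED;
}

int main(void)
{
    char msg[256];
    /* Capability call fails and the admin has not opted in: abort. */
    enum start_action a = decide_start(step_fail, step_ok, 0, msg, sizeof msg);
    fprintf(stderr, "example-daemon: %s\n", msg);
    return a == START_ABORT ? 1 : 0;
}
```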