[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Bill C. Riemers
briemers at redhat.com
Thu Jun 19 20:54:56 BST 2008
I think the whole issue is rather mute. Just use SELinux to prohibit
dns-masq from
doing things it is not suppose to, and then there is no need to worry
about what user
it runs as.
Bill
Carlos Carvalho wrote:
> Simon Kelley (simon at thekelleys.org.uk) wrote on 19 June 2008 19:53:
> >The result of this is that if dnsmasq is going to exit because of
> >capability problems, it can't return a non-zero exit code: starting the
> >daemon will appear to start fine, and then it will silently kill itself
> >(logging is allowed, but not a return code to the init script.)
>
> I don't understand why. I think what Uwe says is that dnsmasq should
> completely abort, that is, it should kill the helper as well. This is
> possible if it still runs as root. And it should return a non-zero
> exit code, of course.
>
> It boils down to a choice between security and
> convenience/functionality. What do people usually chose? And what's
> the consequence of this attitude?...
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
More information about the Dnsmasq-discuss
mailing list