[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Uwe Gansert
ug at suse.de
Fri Jun 20 09:51:24 BST 2008
On Thursday 19 June 2008, Simon Kelley wrote:
> That's a good idea, even simpler would be to just check that capget()
> will work early: that's enough to detect a kernel which doesn't have the
> correct support compiled in.
>
> Would that satisfy your security people, Uwe?
I talked to them and yes, that would be okay.
They just care about that no admin has a running root daemon by accident. Of
course we know that this is not per se a security problem but you know how
security guys are - totally paranoid :) It's part of their job.
So to quote them, "as long as dnsmasq terminates when capset() fails,
instead of falling back to root, we are happy :)"
Thanx Simon!
--
ciao, Uwe Gansert
Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Business: http://www.suse.de/~ug
More information about the Dnsmasq-discuss
mailing list