[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Simon Kelley simon at thekelleys.org.uk
Fri Jun 20 12:19:18 BST 2008


Uwe Gansert wrote:
> On Thursday 19 June 2008, Simon Kelley wrote:
> 
>> That's a good idea, even simpler would be to just check that capget()
>> will work early: that's enough to detect a kernel which doesn't have the
>> correct support compiled in.
>>
>> Would that satisfy your security people, Uwe?
> 
> I talked to them and yes, that would be okay.
> They just care that no admin has a running root daemon by accident. Of 
> course we know that this is not per se a security problem but you know how 
> security guys are - totally paranoid :) It's part of their job.
> So to quote them, "as long as dnsmasq terminates when capset() fails, 
> instead of falling back to root, we are happy :)"
> 
> Thanx Simon!
> 

OK, too late. I picked up Bill's excellent suggestion and ran with it.
Late night last night :-)

http://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.43test8.tar.gz

does the full pipe-back-to-the-parent scheme: it checks every setuid,
setgid, and capset. It checks for unknown users/groups, and even checks
that it can write the pidfile!

There's a fair number of changes, so I'd appreciate it if list members
could try it out - if it starts OK there should be no problem; all the
changes are in start-up code.

Uwe, could you throw it to the Lions and see what they say?


Cheers,

Simon.
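As an added illustration of the pipe-back-to-the-parent scheme Simon describes (this is not dnsmasq's own code; the function names, the `startup_cfg` struct, the `startup_err` codes and the raw `capget` syscall used as the early probe are all my assumptions), here is a minimal start-up check in C. The child does the risky work, resolving the user, writing the pidfile, then `setgid`/`setuid`, and reports a one-byte result to its parent over a pipe, so any failure makes the parent exit non-zero instead of leaving a daemon running as root.

```c
/* Example privilege-drop check with a status pipe back to the parent.
   Added illustration, not dnsmasq's code; names and codes are assumed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/capability.h>
#include <sys/syscall.h>
#endif

/* Assumed error codes; the child sends one of these as a single byte. */
enum startup_err {
    ERR_NONE = 0,
    ERR_NO_CAPS,    /* capget() refused: kernel lacks capability support */
    ERR_NO_USER,    /* the configured user does not exist */
    ERR_PIDFILE,    /* pidfile path is not writable */
    ERR_SETGID,
    ERR_SETUID,
    ERR_CHILD_DIED, /* pipe closed before the child reported anything */
    ERR_PIPE,
    ERR_FORK
};

/* Assumed demo configuration; a NULL field skips that step. */
struct startup_cfg {
    const char *user;    /* account to switch to; NULL keeps the current ids */
    const char *pidfile; /* path that must be writable; NULL skips the check */
};

/* Early probe: if capget() itself fails, a later capset() cannot work. */
static int check_capget(void)
{
#ifdef __linux__
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    return syscall(SYS_capget, &hdr, data) == 0 ? ERR_NONE : ERR_NO_CAPS;
#else
    return ERR_NONE; /* no Linux capabilities on this platform */
#endif
}

/* The risky start-up work, run in the child. Returns an enum startup_err. */
static int startup_step(const struct startup_cfg *cfg)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    int err = check_capget();
    if (err != ERR_NONE)
        return err;
    if (cfg->user) {
        struct passwd *pw = getpwnam(cfg->user);
        if (!pw)
            return ERR_NO_USER;
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }
    if (cfg->pidfile) {
        int fd = open(cfg->pidfile, O_WRONLY | O_CREAT | O_TRUNC, 0644);
        if (fd < 0)
            return ERR_PIDFILE;
        dprintf(fd, "%ld\n", (long)getpid());
        close(fd);
    }
    /* Group first (once the uid is unprivileged, setgid() is refused), and
       re-read the ids afterwards instead of trusting the return value alone. */
    if (setgid(gid) < 0 || getgid() != gid)
        return ERR_SETGID;
    if (setuid(uid) < 0 || getuid() != uid)
        return ERR_SETUID;
    return ERR_NONE;
}

/* Parent side of the scheme: fork, then block until the child reports. */
int start_daemon(const struct startup_cfg *cfg)
{
    int fds[2];
    if (pipe(fds) < 0)
        return ERR_PIPE;
    pid_t pid = fork();
    if (pid < 0)
        return ERR_FORK;
    if (pid == 0) {
        close(fds[0]);
        unsigned char code = (unsigned char)startup_step(cfg);
        /* Report explicitly even on success, so a crash before this point
           shows up as EOF instead of being mistaken for "all fine". */
        while (write(fds[1], &code, 1) < 0 && errno == EINTR)
            ;
        close(fds[1]);
        /* A real daemon would enter its main loop here when code == ERR_NONE. */
        _exit(code == ERR_NONE ? 0 : 1);
    }
    close(fds[1]);
    unsigned char code;
    ssize_t n;
    do {
        n = read(fds[0], &code, 1);
    } while (n < 0 && errno == EINTR);
    close(fds[0]);
    /* The demo child exits at once, so reap it; a real parent would return
       here and leave the daemon running. */
    waitpid(pid, NULL, 0);
    return n == 1 ? (int)code : ERR_CHILD_DIED;
}

int main(void)
{
    /* As root this switches to "nobody"; unprivileged it fails at setgid
       and the parent refuses to start, which is the whole point. */
    struct startup_cfg cfg = { "nobody", "/tmp/pipeback-demo.pid" };
    int err = start_daemon(&cfg);
    if (err != ERR_NONE) {
        fprintf(stderr, "start-up failed with code %d, refusing to run\n", err);
        return 1;
    }
    puts("child dropped privileges and wrote its pidfile");
    return 0;
}
```

The child writes a byte even on success rather than just closing its end of the pipe: with an EOF-only protocol, a child killed before it reaches the report would look identical to a healthy one. The parent returns the child's code, so an init script sees a non-zero exit for every failed step instead of a silently root-owned process.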



