[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Uwe Gansert ug at suse.de
Fri Jun 20 15:24:47 BST 2008


On Friday 20 June 2008, Simon Kelley wrote:

> OK, too late. I picked up Bill's excellent suggestion and ran with it.
> Late night last night :-)

that's fine with me :)

> http://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.43test8.tar.gz
>
> does the full pipe-back-to-the-parent scheme, it checks every setuid,
> setgid, and capset. It checks for unknown users/groups, and even checks
> that it can write the pidfile!
>
> There's a fair number of changes, so I'd appreciate it if list members
> could try it out - if it starts OK there should be no problem, all the
> changes are in start-up code.

looks good here on openSUSE 11.0

> Uwe, could you throw it to the Lions and see what they say?

the lions are happy with it :) (no review on code base. Just on what you 
described how you fixed it).

-- 
ciao, Uwe Gansert

Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Business: http://www.suse.de/~ug



More information about the Dnsmasq-discuss mailing list