[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Uwe Gansert
ug at suse.de
Fri Jun 20 15:24:47 BST 2008
On Friday 20 June 2008, Simon Kelley wrote:
> OK, too late. I picked up Bill's excellent suggestion and ran with it.
> Late night last night :-)
that's fine with me :)
> http://thekelleys.org.uk/dnsmasq/test-releases/dnsmasq-2.43test8.tar.gz
>
> does the full pipe-back-to-the-parent scheme, it checks every setuid,
> setgid, and capset. It checks for unknown users/groups, and even checks
> that it can write the pidfile!
>
> There's a fair number of changes, so I'd appreciate it if list members
> could try it out - if it starts OK there should be no problem, all the
> changes are in start-up code.
looks good here on openSUSE 11.0
> Uwe, could you throw it to the Lions and see what they say?
the lions are happy with it :) (no review on code base. Just on what you
described how you fixed it).
--
ciao, Uwe Gansert
Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Business: http://www.suse.de/~ug
More information about the Dnsmasq-discuss
mailing list