[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Uwe Gansert
ug at suse.de
Thu Jun 19 11:25:42 BST 2008
Hi,
our security team did a review of the dnsmasq package in openSUSE.
This bug:
https://bugzilla.novell.com/show_bug.cgi?id=401650
is maybe worth a discussion here.
Quote:
dnsmasq runs as root if the call to setcap() fails. For security reasons it
would be better to quit in this case. If the system intentionally lacks
capability support in the kernel the admin can explicity configure dnsmasqd
to run as root via dnsmasqd.conf. This issue is not distro specific IMHO
and probably worth reporting upstream.
--
ciao, Uwe Gansert
Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Business: http://www.suse.de/~ug
More information about the Dnsmasq-discuss
mailing list