[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Uwe Gansert ug at suse.de
Thu Jun 19 11:25:42 BST 2008


our security team did a review of the dnsmasq package in openSUSE.
This bug:
is maybe worth a discussion here.

dnsmasq runs as root if the call to setcap() fails. For security reasons it 
would be better to quit in this case. If the system intentionally lacks 
capability support in the kernel the admin can explicity configure dnsmasqd 
to run as root via dnsmasqd.conf. This issue is not distro specific IMHO 
and probably worth reporting upstream.

ciao, Uwe Gansert

Uwe Gansert, Server Technologies Team
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Business: http://www.suse.de/~ug

More information about the Dnsmasq-discuss mailing list