[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Carlos Carvalho
carlos at fisica.ufpr.br
Thu Jun 19 20:38:06 BST 2008
Simon Kelley (simon at thekelleys.org.uk) wrote on 19 June 2008 19:53:
>The result of this is that if dnsmasq is going to exit because of
>capability problems, it can't return a non-zero exit code: starting the
>daemon will appear to start fine, and then it will silently kill itself
>(logging is allowed, but not a return code to the init script.)
I don't understand why. I think what Uwe says is that dnsmasq should
completely abort, that is, it should kill the helper as well. This is
possible if it still runs as root. And it should return a non-zero
exit code, of course.
It boils down to a choice between security and
convenience/functionality. What do people usually chose? And what's
the consequence of this attitude?...
More information about the Dnsmasq-discuss
mailing list