[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Bill C. Riemers briemers at redhat.com
Thu Jun 19 20:54:56 BST 2008

I think the whole issue is rather mute.   Just use SELinux to prohibit
dns-masq from
doing things it is not suppose to, and then there is no need to worry
about what user
it runs as.


Carlos Carvalho wrote:
> Simon Kelley (simon at thekelleys.org.uk) wrote on 19 June 2008 19:53:
>  >The result of this is that if dnsmasq is going to exit because of 
>  >capability problems, it can't return a non-zero exit code: starting the 
>  >daemon will appear to start fine, and then it will silently kill itself 
>  >(logging is allowed, but not a return code to the init script.)
> I don't understand why. I think what Uwe says is that dnsmasq should
> completely abort, that is, it should kill the helper as well. This is
> possible if it still runs as root. And it should return a non-zero
> exit code, of course.
> It boils down to a choice between security and
> convenience/functionality. What do people usually chose? And what's
> the consequence of this attitude?...
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list