[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Bill C. Riemers
briemers at redhat.com
Thu Jun 19 20:54:56 BST 2008
I think the whole issue is rather moot. Just use SELinux to prohibit
doing things it is not supposed to, and then there is no need to worry
about what user it runs as.
Carlos Carvalho wrote:
> Simon Kelley (simon at thekelleys.org.uk) wrote on 19 June 2008 19:53:
> >The result of this is that if dnsmasq is going to exit because of
> >capability problems, it can't return a non-zero exit code: starting the
> >daemon will appear to start fine, and then it will silently kill itself
> >(logging is allowed, but not a return code to the init script.)
> I don't understand why. I think what Uwe says is that dnsmasq should
> completely abort, that is, it should kill the helper as well. This is
> possible if it still runs as root. And it should return a non-zero
> exit code, of course.
> It boils down to a choice between security and
> convenience/functionality. What do people usually choose? And what's
> the consequence of this attitude?...