[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails
Simon Kelley
simon at thekelleys.org.uk
Thu Jun 19 21:21:48 BST 2008
Cristóbal Palmer wrote:
> On Thu, Jun 19, 2008 at 3:52 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
>>There's no order which makes everything work, as far as I can see.
>
>
> Why not fork a test process which tries the capset? If that fails,
> then you abort; if it succeeds, then proceed as you do normally. Am I
> misunderstanding?
>
That's a good idea, even simpler would be to just check that capget()
will work early: that's enough to detect a kernel which doesn't have the
correct support compiled in.
Would that satisfy your security people, Uwe?
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list