[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Simon Kelley simon at thekelleys.org.uk
Thu Jun 19 21:21:48 BST 2008


Cristóbal Palmer wrote:
> On Thu, Jun 19, 2008 at 3:52 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> 
>>There's no order which makes everything work, as far as I can see.
> 
> 
> Why not fork a test process which tries the capset? If that fails,
> then you abort; if it succeeds, then proceed as you do normally. Am I
> misunderstanding?
>

That's a good idea; even simpler would be to just check that capget() 
will work early: that's enough to detect a kernel which doesn't have the 
correct support compiled in.

Would that satisfy your security people, Uwe?

Cheers,

Simon.
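
The early check suggested in the message above, as an added example that is not part of the original post or of dnsmasq's own code: it probes capget() before any privileged work and refuses to start if the kernel cannot answer. The names cap_probe, cap_permitted and struct cap_state are hypothetical, and CAP_NET_ADMIN is used only as an illustrative capability.

```c
/* Added example (Linux only): fail closed if capget() does not work. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

struct cap_state {          /* hypothetical helper type */
    __u32 version;          /* header version the kernel accepted */
    __u32 permitted[2];     /* permitted set, low and high 32 bits */
};

/* Returns 0 if the kernel answers capget(), -1 with errno set otherwise. */
int cap_probe(struct cap_state *out)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) == -1) {
        /* For an unsupported header version the kernel fails with EINVAL
           and writes the version it prefers into hdr.version: retry once. */
        if (errno != EINVAL || hdr.version == _LINUX_CAPABILITY_VERSION_3)
            return -1;
        if (syscall(SYS_capget, &hdr, data) == -1)
            return -1;
    }
    out->version = hdr.version;
    out->permitted[0] = data[0].permitted;
    out->permitted[1] = data[1].permitted;
    return 0;
}

/* 1 if capability number cap is in the probed permitted set, else 0. */
int cap_permitted(const struct cap_state *st, unsigned cap)
{
    return cap < 64 && ((st->permitted[cap / 32] >> (cap % 32)) & 1);
}

int main(void)
{
    struct cap_state st;
    /* Probe before opening sockets or changing uid, so a kernel without
       capability support stops the daemon instead of leaving it as root. */
    if (cap_probe(&st) == -1) {
        fprintf(stderr, "capget: %s; refusing to start\n", strerror(errno));
        return 1;
    }
    printf("cap ABI 0x%x, CAP_NET_ADMIN permitted: %d\n",
           st.version, cap_permitted(&st, CAP_NET_ADMIN));
    return 0;
}
```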




