[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Matthias Andree matthias.andree at gmx.de
Fri Jun 20 08:59:28 BST 2008


Simon Kelley <simon at thekelleys.org.uk> writes:

> Cristóbal Palmer wrote:
>> On Thu, Jun 19, 2008 at 3:52 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>>
>>>There's  no order which makes everything work, as far as I can see.
>>
>>
>> Why not fork a test process which tries the capset? If that fails,
>> then you abort; if it succeeds, then proceed as you do normally. Am I
>> misunderstanding?
>>
>
> That's a good idea, even simpler would be to just check that capget()
> will work early: that's enough to detect a kernel which doesn't have the
> correct support compiled in.

Or libcap library for that matter. I tried swapping 2.6.25.X underneath
openSUSE 10.2 and ntpd started failing since it uses libcap1 which can't
talk to a new kernel. Awful, and proof that the current Linux 2.6
unstable API development model is crap, but that's not the point here.

Conclusion: there should be still some configurable privilege-dropping
(for instance setuid(uid-of-dnsmasq-user)) for situations where
capability-dropping doesn't work, even if the latter has been enabled at
compile time.

-- 
Matthias Andree



More information about the Dnsmasq-discuss mailing list