Bug 517727 - Changes for lowering capabilities project
Summary: Changes for lowering capabilities project
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: dnsmasq
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Patrick Laughton
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-16 12:14 UTC by Steve Grubb
Modified: 2009-10-05 18:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-05 18:34:22 UTC


Attachments (Terms of Use)
Patch to drop capabilities (739 bytes, patch)
2009-08-16 12:14 UTC, Steve Grubb
no flags Details | Diff

Description Steve Grubb 2009-08-16 12:14:41 UTC
Created attachment 357566 [details]
Patch to drop capabilities

Description of problem:
As part of the lowering capabilities project, we should drop all unnecessary
capabilities in all daemons. Dnsmasq is not clearing its bounding set. I will attach a patch that fixes this.

Comment 2 Itamar Reis Peixoto 2009-10-05 06:15:47 UTC
what are the status of this patch ?

sent to upstream ?

Comment 3 Steve Grubb 2009-10-05 13:17:37 UTC
Yes, this patch has been sent upstream. In discussion with upstream I think we decided that it may not be necessary. I was leaving the bug open to remind me to come back and look at the uid of dnsmasq. It had been showing up as root in my tools, but I fixed a bug in them and now its showing up as nobody. I really think dnsmasq should have a better account to run under than "nobody". I suppose this bug can be closed.


Note You need to log in before you can comment on or make changes to this bug.