Red Hat Bugzilla – Bug 517727
Changes for lowering capabilities project
Last modified: 2009-10-05 14:34:22 EDT
Created attachment 357566
Patch to drop capabilities
Description of problem:
As part of the lowering capabilities project, we should drop all unnecessary
capabilities in all daemons. Dnsmasq is not clearing its bounding set. I will attach a patch that fixes this.
What is the status of this patch?
Sent to upstream?
Yes, this patch has been sent upstream. In discussion with upstream I think we decided that it may not be necessary. I was leaving the bug open to remind me to come back and look at the uid of dnsmasq. It had been showing up as root in my tools, but I fixed a bug in them and now it's showing up as nobody. I really think dnsmasq should have a better account to run under than "nobody". I suppose this bug can be closed.