https://bugzilla.novell.com/show_bug.cgi?id=401648 Summary: dnsmasqd uses dialout group Product: openSUSE 11.1 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: ug@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de CC: security-team@suse.de Found By: --- dnsmasqd uses the dialout group to access /etc/ppp/resolv.conf. The dialout group is not intended for that purpose IMO as it also gives you access to smpppd and some setuid binaries. IMO there are two possible solutions: a) use a custom script in /etc/ppp/ip-up.d that creates a resolv.conf for dnsmasqd in a place dnsmasqd can access b) patch dnsmasqd to open /etc/ppp/resolv.conf before dropping privileges and keep the fd. Not sure if that works as /etc/pppd/resolv.conf might not be recreated in-place c) patch pppd/the ip-up script to use a public place for resolv.conf as the content of resolv.conf is not secret anyways. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.