[Bug 401648] New: dnsmasqd uses dialout group
https://bugzilla.novell.com/show_bug.cgi?id=401648

Summary: dnsmasqd uses dialout group
Product: openSUSE 11.1
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: ug@novell.com
ReportedBy: lnussel@novell.com
QAContact: qa@suse.de
CC: security-team@suse.de
Found By: ---

dnsmasqd uses the dialout group to access /etc/ppp/resolv.conf. The dialout group is not intended for that purpose IMO as it also gives you access to smpppd and some setuid binaries.

IMO there are two possible solutions:

a) use a custom script in /etc/ppp/ip-up.d that creates a resolv.conf for dnsmasqd in a place dnsmasqd can access

b) patch dnsmasqd to open /etc/ppp/resolv.conf before dropping privileges and keep the fd. Not sure if that works as /etc/pppd/resolv.conf might not be recreated in-place

c) patch pppd/the ip-up script to use a public place for resolv.conf as the content of resolv.conf is not secret anyways.
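The caveat raised under option b), as an added example that is not part of the original report or of dnsmasq's code: a descriptor opened early keeps pointing at the old inode once the file is replaced by rename(), and a device/inode comparison detects that. The temp directory, file contents and function names are constructed for the demonstration; whether pppd rewrites its file this way is the report's open question, not something this code establishes.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path no longer names the file behind fd, 0 if it still does, -1 on error. */
int fd_is_stale(int fd, const char *path) {
    struct stat held, now;
    if (fstat(fd, &held) != 0) return -1;
    if (stat(path, &now) != 0) return 1; /* path is gone, fd holds an orphan */
    return held.st_dev != now.st_dev || held.st_ino != now.st_ino;
}

/* Replace path the way many writers do: new temp file, then rename() over it. */
int replace_file(const char *path, const char *text) {
    char tmp[128];
    snprintf(tmp, sizeof tmp, "%s.new", path);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return (n < 0) ? -1 : rename(tmp, path);
}

/* Constructed scenario in a temp dir. Returns 1 when the early fd was fresh,
   became stale after the replacement, and still serves the old content. */
int demo_stale_after_replace(void) {
    char dir[] = "/tmp/resolv-demo-XXXXXX", path[64], buf[64] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/resolv.conf", dir);
    if (replace_file(path, "nameserver 192.0.2.1\n") != 0) return -1;
    int fd = open(path, O_RDONLY); /* would happen before the privilege drop */
    if (fd < 0) return -1;
    int before = fd_is_stale(fd, path);
    if (replace_file(path, "nameserver 192.0.2.2\n") != 0) return -1;
    int after = fd_is_stale(fd, path);
    ssize_t n = read(fd, buf, sizeof buf - 1); /* offset is still 0 */
    close(fd);
    unlink(path);
    rmdir(dir);
    return before == 0 && after == 1 && n > 0 && strstr(buf, "192.0.2.1") != NULL;
}

int main(void) {
    printf("held fd stale after replacement: %d\n", demo_stale_after_replace());
    return 0;
}
```

Once privileges are dropped and the group is gone, the process cannot reopen the path, so the check only tells it that the data it holds is outdated.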
Comment #1 from Uwe Gansert (ug@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c1
Comment #2 from Hendrik Vogelsang (hvogel@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c2
Comment #3 from Marius Tomaschewski (mt@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c3
Comment #4 from Marius Tomaschewski (mt@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c4
Comment #5 from Hendrik Vogelsang (hvogel@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c5
Comment #6 from Hendrik Vogelsang (hvogel@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c6
Comment #7 from Marius Tomaschewski (mt@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c7
Comment #8 from Marius Tomaschewski (mt@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c8
Comment #11 from Marius Tomaschewski (mt@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c11
Comment #12 from Hendrik Vogelsang (hvogel@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c12
Comment #14 from Uwe Gansert (ug@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c14
Comment #15 from Marius Tomaschewski (mt@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c15
Comment #16 from Marius Tomaschewski (mt@novell.com): https://bugzilla.novell.com/show_bug.cgi?id=401648#c16