Feature #119
Closed
Suricata should support the ability to drop privs in every RunMode Possible
Description
We need to support the ability to drop privs for every run mode possible. We need to test Steve's patch with all runmodes to verify that everything still works and make modifications where needed.
General comments from Steve about dropping privs.
I just wanted to mention that running as root means that you gain access to
certain capabilities. Without the capabilities, root is just a normal account
- although still dangerous. It is possible to keep capabilities while changing
uid. This is done by using the prctl() syscall. To do this with libcap is
about 60 lines of code. To do this with libcap-ng is 3 lines of code.

Typically the way this is done goes one of 2 ways: Either wait until
privileged ops are completed and then drop all capabilities or retain some
capabilities. The decision really depends on whether or not the daemon can
receive a signal such as sighup that may require it to do privileged ops
again. If it does, then you should keep some capabilities. If it does not then
you should drop them all.
Updated by Victor Julien almost 15 years ago
- Due date changed from 03/20/2010 to 04/30/2010
- Target version changed from 0.8.2 to 0.9.0
Updated by Victor Julien over 14 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Current master drops privs if the --user <user> option is supplied. Requires libcap-ng.
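The pattern from Steve's comment (hold capabilities across the uid change with prctl(), then retain only what the daemon still needs) is shown below using raw Linux syscalls instead of libcap-ng, so it builds without extra libraries. This is an added example, not Suricata's code or Steve's patch; the function names, the keep-list (CAP_NET_RAW, CAP_NET_ADMIN) and the placeholder id 65534 are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Bitmask for a list of CAP_* numbers (bit n = capability n). */
uint64_t cap_mask(const int *caps, size_t n) {
    uint64_t m = 0;
    for (size_t i = 0; i < n; i++) m |= (uint64_t)1 << caps[i];
    return m;
}

/* Effective capability set of this thread, or UINT64_MAX on error. */
uint64_t effective_caps(void) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {{0}};
    if (syscall(SYS_capget, &h, d) != 0) return UINT64_MAX;
    return ((uint64_t)d[1].effective << 32) | d[0].effective;
}

/* Switch to uid/gid keeping only `keep`; 0 on success, -1 on any failure. */
int drop_privs(uid_t uid, gid_t gid, uint64_t keep) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {{0}};
    /* Without this, the uid change below would clear the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    /* Supplementary groups can only be cleared while still root. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Shrink permitted and re-raise effective to exactly `keep`. */
    d[0].permitted = d[0].effective = (uint32_t)keep;
    d[1].permitted = d[1].effective = (uint32_t)(keep >> 32);
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    /* Regaining root must now be impossible. */
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(void) {
    const int want[] = { CAP_NET_RAW, CAP_NET_ADMIN }; /* assumed keep-list */
    int root = (geteuid() == 0); /* 65534: placeholder unprivileged id */
    int rc = drop_privs(root ? 65534 : getuid(), root ? 65534 : getgid(),
                        root ? cap_mask(want, 2) : 0);
    printf("rc=%d effective=0x%llx\n", rc, (unsigned long long)effective_caps());
    return rc != 0;
}
```

Passing `keep = 0` is the "drop them all" case; a non-empty mask is the "retain some" case for a daemon that must redo privileged operations after a signal.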