Project

General

Profile

Actions
Copy link

Feature #276

open
VJ CT

Libcap support for dropping privileges

Feature #276: Libcap support for dropping privileges

Added by Victor Julien about 15 years ago. Updated about 7 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
medium
Difficulty:
low
Label:

Description

On Linux we use libcap-ng to drop privileges after startup. Currently libcap-ng supports Linux only, so we need a different solution for FreeBSD and Mac OS X.

Using libcap would likely work.

Requirements:
- A solution would have to be coded up into src/util-privs.c.
- As much as possible the API should remain the same.
- configure.in/autotools need to auto detect presence and usability of libcap
- libcap-ng (if present) needs to have preference over libcap

Alternatively, libcap-ng could be improved. The upstream dev has indicated to be willing to accept patches for other operating systems.

Related issues 2 (2 open0 closed)

Related to Suricata - Feature #2375: Design and implement sensible per-thread capabilitiesNewOISF DevActions
Related to Suricata - Feature #2931: Perform privdrop without libcap-ng supportNewEmmanuel RoullitActions

VJ Updated by Victor Julien almost 14 years ago Actions
Copy link
 #1

  • Target version set to TBD

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
 #2

  • Related to Feature #2375: Design and implement sensible per-thread capabilities added

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #3

  • Effort set to medium
  • Difficulty set to low

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #4

  • Assignee set to Community Ticket

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
 #5

  • Related to Feature #2931: Perform privdrop without libcap-ng support added
Actions
Copy link

Also available in: PDF Atom