Hi Loganaden,

I am not sure how privilege separation would be beneficial, since dnsmasq
drops almost all of its capabilities in dnsmasq.c:597, and therefore doing
privilege separation for the remaining capabilities may not be worth it.

Kind regards,
Denis.

On Tue, Sep 5, 2017 at 1:09 PM, Loganaden Velvindron <logana...@gmail.com>
wrote:

> On Tue, Sep 5, 2017 at 2:32 PM, Denis Solonkov <solonko...@google.com>
> wrote:
> > Hi Simon,
> >
> > As part of my Google summer internship project I have implemented a
> > sandbox for dnsmasq, based on Linux seccomp-bpf and mount namespace, with
> > tests and documentation.
> >
> > Such a sandbox provides defense in depth to dnsmasq, by restricting what
> > files it can access and which syscalls it can make, in case remote code
> > execution vulnerabilities are discovered in dnsmasq.
> >
> > Would you be interested in reviewing my patches and maybe integrating them
> > in dnsmasq?
> >
> > Please find attached my patch against master head, but let me know if
> > there is another way for us to review and discuss the change.
> >
>
> The project is interesting. May I suggest looking into privilege
> separation such as what OpenBSD has been doing before applying the
> sandbox?
>
> http://quigon.bsws.de/papers/aalborg2009/mgp00043.html
>
> Also, maybe look at unbound, which has a privilege separation design as
> well.
>
> Have a look at OpenBSD's imsg framework which is light and easy to port:
>
> http://man.openbsd.org/imsg_init
>
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
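The thread refers to a seccomp-bpf syscall allowlist without showing what one looks like. The following is an added example written for this page; it is not dnsmasq's code and not the patch Denis attached. It builds a classic-BPF allowlist by hand (no libseccomp), checks the architecture before trusting the syscall number, and includes a small offline interpreter so the policy can be unit-tested without installing it in the kernel. Assumptions: Linux with glibc, an x86_64 arch check, and an illustrative syscall set that is not the one the patch uses; the `install_filter` function is the only part that touches the kernel.

```c
/* Added example (not dnsmasq's code, not the sandbox patch from this thread).
 * Builds a seccomp-bpf allowlist as a classic BPF program, evaluates it offline
 * with a tiny interpreter so the policy is testable, and shows installation.
 * Assumptions: Linux/glibc, x86_64 arch check, illustrative syscall set. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* headers older than Linux 4.14 */
#endif
#define MAX_INSNS 64

/* Illustrative allowlist (an assumption for this example, not dnsmasq's set). */
static const long allowed_syscalls[] = {
    SYS_read, SYS_write, SYS_recvfrom, SYS_sendto, SYS_ppoll,
    SYS_exit_group, SYS_rt_sigreturn,
};
#define N_ALLOWED (sizeof allowed_syscalls / sizeof allowed_syscalls[0])

/* Layout: load arch; jeq arch -> skip kill; kill; load nr;
 * one jeq per allowed nr jumping to ALLOW; default KILL; ALLOW. */
size_t build_filter(struct sock_filter *out, size_t cap)
{
    size_t n = 0;
    if (cap < N_ALLOWED + 6)
        return 0;
    out[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, arch));
    out[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0);
    out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N_ALLOWED; i++) {
        /* On match, skip the remaining compares and the default KILL. */
        uint8_t jt = (uint8_t)(N_ALLOWED - i);
        out[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (uint32_t)allowed_syscalls[i], jt, 0);
    }
    out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return n;
}

/* Interpreter for the three opcodes used above; anything else fails closed. */
uint32_t run_filter(const struct sock_filter *f, size_t n, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *in = &f[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (in->k + sizeof acc > sizeof *d)
                return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const char *)d + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Policy decision for (syscall nr, arch) without touching the kernel. */
uint32_t decide(int nr, uint32_t arch)
{
    struct sock_filter insns[MAX_INSNS];
    size_t n = build_filter(insns, MAX_INSNS);
    struct seccomp_data d;
    memset(&d, 0, sizeof d);
    d.nr = nr;
    d.arch = arch;
    return run_filter(insns, n, &d);
}

size_t filter_length(void)
{
    struct sock_filter insns[MAX_INSNS];
    return build_filter(insns, MAX_INSNS);
}

/* Install for the calling thread. no_new_privs is required without
 * CAP_SYS_ADMIN and also blocks later setuid-based privilege gain. */
int install_filter(void)
{
    struct sock_filter insns[MAX_INSNS];
    struct sock_fprog prog;
    prog.len = (unsigned short)build_filter(insns, MAX_INSNS);
    prog.filter = insns;
    if (prog.len == 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    printf("read: %s, execve: %s\n",
           decide(SYS_read, AUDIT_ARCH_X86_64) == SECCOMP_RET_ALLOW ? "allow" : "kill",
           decide(SYS_execve, AUDIT_ARCH_X86_64) == SECCOMP_RET_ALLOW ? "allow" : "kill");
    fflush(stdout); /* flush before the filter is live; only write/exit_group follow */
    if (install_filter() != 0)
        return 1;
    static const char msg[] = "filter installed, exiting via exit_group\n";
    write(1, msg, sizeof msg - 1);
    _exit(0);
}
```

The offline interpreter is the reason the allowlist can be checked in a test suite: `decide()` answers what the kernel would do for a given syscall number and architecture, including the case where a foreign ABI (here, i386 on an x86_64 kernel) would otherwise be matched against the wrong syscall table. Everything the real program does after `install_filter()` must be covered by the allowlist, which is why `main` flushes stdio before installing and then uses only raw `write` and `_exit`.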