New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privilege reduction for WAN dnsmasq #3175

Open

neocturne opened this issue Jan 29, 2024 · 1 comment

Labels

0. type: feature-request

Milestone

Member

neocturne commented Jan 29, 2024

OpenWrt reduces the risk of compromising the system through dnsmasq vulnerabilities in two ways:

dnsmasq is run in a ujail
dnsmasq runs as user dnsmasq instead of root

We should look into making the same improvements for the WAN dnsmasq instance.

The text was updated successfully, but these errors were encountered:

neocturne added the 0. type: feature-request label

neocturne added this to the v2024.1 milestone

Contributor

T-X commented Feb 3, 2024

Especially as the dnsmasq code quality is quite... bad in my opinion... And we still have an open segfault in it. So sounds like a very good idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment