Project

General

Profile

Actions
Copy link

Feature #276

open

Libcap support for dropping privileges

Added by Victor Julien over 13 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
medium
Difficulty:
low
Label:

Description

On Linux we use libcap-ng to drop privileges after startup. Currently libcap-ng supports Linux only, so we need a different solution for FreeBSD and Mac OS X.

Using libcap would likely work.

Requirements:
- A solution would have to be coded up into src/util-privs.c.
- As much as possible the API should remain the same.
- configure.in/autotools need to auto detect presence and usability of libcap
- libcap-ng (if present) needs to have preference over libcap

Alternatively, libcap-ng could be improved. The upstream dev has indicated to be willing to accept patches for other operating systems.

Related issues 2 (2 open0 closed)

Related to Suricata - Feature #2375: Design and implement sensible per-thread capabilitiesNewOISF DevActions
Related to Suricata - Feature #2931: Perform privdrop without libcap-ng supportNewEmmanuel RoullitActions
Actions
Copy link
 #1

Updated by Victor Julien over 12 years ago

  • Target version set to TBD
Actions
Copy link
 #2

Updated by Victor Julien almost 7 years ago

  • Related to Feature #2375: Design and implement sensible per-thread capabilities added
Actions
Copy link
 #3

Updated by Victor Julien over 6 years ago

  • Effort set to medium
  • Difficulty set to low
Actions
Copy link
 #4

Updated by Victor Julien over 5 years ago

  • Assignee set to Community Ticket
Actions
Copy link
 #5

Updated by Victor Julien over 5 years ago

  • Related to Feature #2931: Perform privdrop without libcap-ng support added
Actions
Copy link

Also available in: Atom PDF