Please support setuid based on command line argument #4917
Comments
yurivict
changed the title
|
[ Quoting ***@***.***> in "[coredns/coredns] Please support se..." ]
It would be beneficial to run coredns as a regular user but without it
supporting setuid this is impossible.
See the downstream feature request: https://bugs.freebsd.org/bugzilla/
show_bug.cgi?id=259054
Environment:
• the version of CoreDNS:
• Corefile: 1.8.6
• OS: FreeBSD 13
dropping perms in Go is hard(er) than it should be and there is nothing in the std lib
that allows you to do it.
Personally I run coredns as the user coredns under Linux w/ systemd, where only the
NET_CAP_BIND capability is applied to the binary; this works fine. As a BSD this should
exist in FreeBSD as well
|
|
Hi, I admit that Go is one of the languages I haven't tried yet, so I absolutely don't want to lecture you. Cheers, |
|
[ Quoting ***@***.***> in "Re: [coredns/coredns] Please suppor..." ]
Hi,
I admit that Go is one of the languages I haven't tried yet, so I absolutely
don't want to lecture you.
But I also know that as programmers, when we have a certain limitation for a
language in our heads, we sometimes keep it there longer than we should.
So without pretending that I know better: https://stackoverflow.com/questions/
41248866/golang-dropping-privileges-v1-7
It looks rather simple to me. Feel free to correct me if I'm wrong.
that won't work well.
I've shown this is trivially doable with something like systemd and capabilties where you
run coredns as non-root
/close
|
|
Well, first of all, there's no systemd on FreeBSD (as on many Linux systems). |
Golang's |
It would be beneficial to run coredns as a regular user but without it supporting setuid this is impossible.
See the downstream feature request: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259054
Environment:
The text was updated successfully, but these errors were encountered: