[sslh] capabilities downgrade

Andrei Muresanu andrei.muresanu at gmail.com
Mon Jun 30 17:02:16 CEST 2014


Hi,

1.16 sources compiled with USELIBCAP=1:
-------------------
# ldd /usr/local/sbin/sslh
        libconfig.so.9 => /usr/lib/arm-linux-gnueabi/libconfig.so.9 (0xb6f58000)
        libcap.so.2 => /lib/arm-linux-gnueabi/libcap.so.2 (0xb6f4c000)
        libc.so.6 => /lib/arm-linux-gnueabi/libc.so.6 (0xb6e14000)
        /lib/ld-linux.so.3 (0xb6f76000)
        libattr.so.1 => /lib/arm-linux-gnueabi/libattr.so.1 (0xb6e07000)
-------------------
Unfortunately, when running (x.x.x.x is a valid IP address):
-------------------
/usr/local/sbin/sslh --user nobody --pidfile /var/run/sslh.pid --listen x.x.x.x:443 --ssh x.x.x.x:22 --ssl x.x.x.x:9443 --openvpn x.x.x.x:1194 --transparent -v
-------------------
I get:
-------------------
ssh addr: x.x.x.x:ssh. libwrap service: sshd family 2 2
ssl addr: x.x.x.x:9443. libwrap service: (null) family 2 2
openvpn addr: x.x.x.x:openvpn. libwrap service: (null) family 2 2
listening on:
        x.x.x.x:https
timeout: 2
on-timeout: ssh
listening to 1 addresses
root@hostname:~# turning into nobody
capabilities: =
-------------------
Notice the capabilities = "" (no capabilities).
When running with --user root, I get (same as when running without --user):
-------------------
capabilities: =ep
-------------------
Ideas?
-------------------
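
A way to confirm from outside the process what it holds after the uid change, added here as an example and not part of the original post or of sslh: it reads CapPrm/CapEff from /proc/<pid>/status rather than relying on the -v output ("=" is an empty capability set, "=ep" is every capability permitted and effective). The function names, the constructed status excerpts and the assumption that transparent mode needs CAP_NET_ADMIN (bit 12) belong to this example.

```shell
#!/bin/sh
# Added example (not sslh code): read a process's capability sets from
# /proc/<pid>/status and report whether CAP_NET_ADMIN survived the uid change.
# Assumption: transparent mode needs CAP_NET_ADMIN (bit 12 in <linux/capability.h>).
CAP_NET_ADMIN=12

# status_field FILE NAME [COLUMN] -> value of a "Name:" line (default column 2)
status_field() {
    awk -v name="$2:" -v col="${3:-2}" '$1 == name { print $col }' "$1"
}

# has_cap HEXMASK BIT -> succeeds if that bit is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# check_net_admin FILE -> prints one verdict word, succeeds only on "kept"
check_net_admin() {
    euid=$(status_field "$1" Uid 3)      # column 3 of Uid: is the effective uid
    prm=$(status_field "$1" CapPrm)
    eff=$(status_field "$1" CapEff)
    if [ "$euid" -eq 0 ]; then
        echo "still-root"; return 1      # no privilege drop happened
    elif has_cap "$prm" "$CAP_NET_ADMIN" && has_cap "$eff" "$CAP_NET_ADMIN"; then
        echo "kept"; return 0            # unprivileged uid, capability retained
    elif has_cap "$prm" "$CAP_NET_ADMIN"; then
        echo "permitted-only"; return 1  # held but not raised into CapEff
    else
        echo "lost"; return 1            # matches a "capabilities: =" report
    fi
}

# write_sample FILE EUID PRM EFF -> constructed status excerpt for offline runs
write_sample() {
    printf 'Name:\tsslh\nUid:\t%s\t%s\t%s\t%s\nCapInh:\t0000000000000000\nCapPrm:\t%s\nCapEff:\t%s\n' \
        "$2" "$2" "$2" "$2" "$3" "$4" > "$1"
}

# Usage: sh capcheck.sh "$(cat /var/run/sslh.pid)"
if [ -n "${1:-}" ]; then
    check_net_admin "/proc/$1/status"
fi
```

A "lost" verdict for the pid in /var/run/sslh.pid is the same condition the verbose output shows as "capabilities: =".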