The gist: dnsmasq starts as root because it has to do things such as bind UDP port 53 (binding a port below 1024 needs root, or on Linux the CAP_NET_BIND_SERVICE capability); once the privileged work is done it switches itself to the nobody user to handle requests. That way, even if an attacker takes over the dnsmasq process, they can only do limited damage. This is a security feature, and the root->nobody step is one-way. So...

This reply seems to be from around 2003; I don't know whether anything for this exists now. My guess is that if the dnsmasq domain names and so on were put into a database, this problem could be solved. I hope that one day I can submit that patch.

> Hi list,
>
> Is there a way to reload the configuration file without killing and
> restarting the dnsmasq process?
>
> The -HUP signal only reloads the /etc/hosts.conf and /etc/resolv.conf
>
> Marcel

There's no way to do that: the reason is that dnsmasq starts as root, does all the things that need root permissions (like opening sockets on privileged ports and opening the DHCP lease file) and then permanently changes its identity from root to nobody. It does this as a security feature: even if an attacker gets control of the dnsmasq process, they can do far less harm as "nobody" than as "root". Since changes to the configuration file could involve some root-only operations, there's no way for a running dnsmasq process to process it. It cannot regain its root privileges (there would be no security advantage if it could). The only way to re-read the config file is to start a new dnsmasq process, running as root. Then it can re-do the "root" only stuff.

Cheers,
Simon.
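The start-as-root, bind, then drop-to-nobody sequence Simon describes, written out as an added C example. This is not dnsmasq's own code: the loopback port 53 socket, the `nobody` user and the function names are my choices for illustration. The point it shows is why the drop is one-way: `setuid()` called while root changes the real, effective and saved user IDs together, so a later `setuid(0)` fails, whereas `seteuid()` leaves the saved ID at 0 and can be undone, which is exactly the "no security advantage" case in the reply.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 127.0.0.1:<port>, as dnsmasq does for port 53 while
 * it is still root. Returns the descriptor, or -1 with errno set. The
 * descriptor stays valid after the privilege drop: what goes away is the
 * privilege needed to create it, not the socket itself. */
int bind_udp_port(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Probe: 1 if the port can be bound right now, 0 otherwise. */
int can_bind_udp(uint16_t port)
{
    int fd = bind_udp_port(port);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Permanently switch from root to an unprivileged uid/gid. Order matters:
 * supplementary groups and the gid must be dropped while still root, since
 * after setuid() those calls fail. setuid() with euid 0 sets the real,
 * effective and saved user IDs at once, which makes the change irreversible.
 * Refuses uid/gid 0 as a target. Returns 0 on success, -1 (errno set) on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Self-check: a correct drop leaves no way back to uid 0. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* 1 if the process is uid 0 or can make itself uid 0 (e.g. after seteuid(),
 * which keeps the saved uid at 0); 0 otherwise. Side effect: when the probe
 * succeeds, the process is root afterwards. */
int can_become_root(void)
{
    if (geteuid() == 0)
        return 1;
    return setuid(0) == 0;
}

int main(void)
{
    if (geteuid() != 0) {
        fprintf(stderr, "run as root to see the full sequence\n");
        return 1;
    }
    int fd = bind_udp_port(53); /* root-only step (or CAP_NET_BIND_SERVICE) */
    if (fd < 0) {
        perror("bind port 53");
        return 1;
    }
    struct passwd *pw = getpwnam("nobody"); /* assumes a 'nobody' account exists */
    if (pw == NULL) {
        fprintf(stderr, "no 'nobody' user on this system\n");
        return 1;
    }
    /* Wrong way for a daemon: seteuid() only changes the effective uid,
     * so code running in the process can simply go back to root. */
    if (seteuid(pw->pw_uid) != 0) {
        perror("seteuid");
        return 1;
    }
    printf("after seteuid(nobody):   can_become_root=%d\n", can_become_root());
    /* The probe above regained root; now do it the dnsmasq way. */
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("after drop_privileges(): uid=%d can_become_root=%d\n",
           (int)getuid(), can_become_root());
    /* The socket bound as root keeps working, but the root-only step cannot
     * be repeated, which is why a config change needs a fresh root process. */
    close(fd);
    printf("rebind port 53 as nobody: %s\n",
           can_bind_udp(53) ? "allowed" : strerror(errno));
    return 0;
}
```

Build with `cc -o drop drop.c` and run it as root (for example in a scratch container) to see `can_become_root` go from 1 after `seteuid()` to 0 after `drop_privileges()`, followed by the failed rebind; run as an ordinary user, `main` just exits, but `drop_privileges(0, 0)` still refuses and `can_become_root()` still reports 0.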

Please credit the source link when reposting: http://just4fun.im/2016/12/13/dnsmasq-e6-9c-89-e6-b2-a1-e6-9c-89reload-e7-9a-84-e6-96-b9-e6-b3-95-ef-bc-9f/ Respect knowledge, thank you :)