From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Wed, 4 Feb 2015 10:06:23 +0000 (+0100)
Subject: Ensure recursor can't elevate its privileges
X-Git-Tag: dnsdist-1.0.0-alpha1~306^2~4^2~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d32e367f0b1d7f220a547070b5ad39a6c57a9759;p=pdns

Ensure recursor can't elevate its privileges
---

diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service
index 987dd0543..b257f6642 100644
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -10,6 +10,7 @@ ExecStart=/usr/sbin/pdns_recursor --daemon
 PrivateTmp=true
 PrivateDevices=true
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target