FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 10-05-2008, 12:01 PM
Erik Hahn
 
Default start-stop-daemon sets USER=root - expected behaviour?

I'm using start-stop-daemon for making sure rc.wmii runs only once (If
you don't know wmii's way of handling configs: it doesn't matter).
Although I run it as user, it sets USER=root and HOME=/root. Is this
behaviour expected or should I file a bug?

-Erik
--
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR
 
Old 10-05-2008, 06:54 PM
Jil Larner
 
Default start-stop-daemon sets USER=root - expected behaviour?

Hi,

You may wish to specify the --user parameter. As this tool is for system
daemons (therefore located in /sbin), it seems obvious it starts daemons
as root by default. I checked on my system and I don't have a setuid bit
on this program, no more it starts any program when my wheel user
executes the command. I've no error code, but no process is spawned.

If your non root user escalates privileges and is able to spawn a root
process, *and* there is no setuid bit on /sbin/start-stop-daemon, you
may fill a bug, if you have a procedure to reproduce it Honestly, as
it is a quite old debian tool, I don't think it's buggy

Sincerely,
Jil

Erik Hahn a écrit :
> I'm using start-stop-daemon for making sure rc.wmii runs only once (If
> you don't know wmii's way of handling configs: it doesn't matter).
> Although I run it as user, it sets USER=root and HOME=/root. Is this
> behaviour expected or should I file a bug?
>
> -Erik
 
Old 10-06-2008, 12:27 PM
"Daniel Pielmeier"
 
Default start-stop-daemon sets USER=root - expected behaviour?

2008/10/6 Erik Hahn <erik_hahn@gmx.de>:
> No, it simply shouldn't change them, there's no reason to do that (to my
> knowledge).

If start-stop-daemon is executed by a normal user it should either not
change the user to root or deny the execution if the user is not root.
I think it is a big security issue if a normal user could start
arbitrary daemons with root privileges. So you should file a bug at
bugs.gentoo.org or better a new ticket at
roy.marples.name/projects/openrc/wiki.

I think only root should be able to execute start-stop-daemon and the
user should be changed with the proper command line switches. I
actually don't know if it is --chuid or --user as this has changed
between old baselayout and new openrc.

--
Regards,
Daniel
 

Thread Tools




All times are GMT. The time now is 07:31 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org