Ludovic Courtès <[email protected]> wrote:

> Starting from commit 211fe3f66e6dfdaa64974931c458ab1d92afc182, if PID 1
> is Shepherd 0.9.0, the bitlbee daemon was started on-demand as an inetd
> service.
>
> However, due to a logic bug, it was running as root (in a separate user
> namespace though) instead of running as “bitlbee”. The bug is that we
> were spawning “bitlbee -u bitlbee” as root; normally, bitlbee would
> setuid to the “bitlbee” user early on, but since it was in a separate
> namespace and with a minimal /etc/passwd, it couldn’t do anything and
> kept the current UID (that UID was 1000 inside the user namespace, but 0
> outside).

Fixed by commit ecfcdff23a5ce390a7edc019c1f1216c4843dc04: the bitlbee
process is now started as “bitlbee” right from the start.

I reviewed other users of ‘least-authority-wrapper’ that were recently
introduced and didn’t see other mistakes of that kind. You’re welcome
to take another look to make sure!

Ludo’.
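
The UID mismatch described in this message (1000 inside the user namespace, 0 outside) can be checked from a process's `/proc/PID/uid_map`. The following is an added example, not part of the original message and not Guix or Shepherd code: it parses the `inside outside length` lines of a uid_map and reports whether a given inside UID is root outside. Both sample maps are constructed, and the UID 987 and the function names are assumptions made for illustration.

```python
"""Map a UID seen inside a Linux user namespace to the UID it has outside."""
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first UID of the range, as seen inside the namespace
    outside: int  # first UID of the range, as seen outside the namespace
    length: int   # number of consecutive UIDs in the range


def parse_uid_map(text: str) -> List[Extent]:
    """Parse /proc/PID/uid_map content: one 'inside outside length' per line."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        extents.append(Extent(*(int(f) for f in fields)))
    return extents


def outside_uid(extents: List[Extent], inside_uid: int) -> Optional[int]:
    """Return the outside UID for inside_uid, or None if it is unmapped."""
    for e in extents:
        if e.inside <= inside_uid < e.inside + e.length:
            return e.outside + (inside_uid - e.inside)
    return None


def runs_as_outside_root(uid_map_text: str, inside_uid: int) -> bool:
    """True when a process with inside_uid is UID 0 outside its namespace."""
    return outside_uid(parse_uid_map(uid_map_text), inside_uid) == 0


# Constructed samples (not captured from a real system).
BUGGY_MAP = "      1000          0          1\n"  # the situation in the message
FIXED_MAP = "      1000        987          1\n"  # 987: made-up unprivileged UID

if __name__ == "__main__":
    for name, uid_map in (("buggy", BUGGY_MAP), ("fixed", FIXED_MAP)):
        print(name, "-> outside UID", outside_uid(parse_uid_map(uid_map), 1000),
              "root outside:", runs_as_outside_root(uid_map, 1000))
```

On a live system the map text would come from reading `/proc/PID/uid_map` of the daemon in question, and the inside UID from inspecting the process within its namespace.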
