On Thu, 20 Dec 2018 11:46:55 +0100 Laurent Bigonville wrote: [...] > Otoh, runuser pam service is doing the strict minimum on purpose (ie > setting the limits based on the configuration and cleaning the kernel > keyring).
But I am under the impression that it does not *permanently* drop root privileges. > > And even if you think that runuser shouldn't be used, I still think that > apt-listbugs shouldn't pull s6 and what you are trying to do here can > perfectly be done in pure ruby without the call to an external program Why reinventing the wheel in pure Ruby, when there are little DFSG-free programs which are designed to drop root privileges, are developed by people more knowledgeable than me about this topic, are tested and already packaged for Debian? -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgpDZiMF4OSBh.pgp
Description: PGP signature
