Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Jil Larner
Hi,

Erik Hahn wrote:
> It doesn't run the command as root but as normal user (it isn't setuid
> either). All it does is setting the *variables* $USER and $HOME to the
> wrong values.
>
Oh, I read too quickly :x And by the way didn't give the right command
switch that are --chuid --user and --env. These should give you the
result you wish. Should the program automatically set correct home and
user ? I'd say this could be great, so you may report it as a bug or,
more probably, as a feature request.


> This implementation is not by Debian:
>
> This is a complete re-implementation with the process finding code in
> the OpenRC library (librc, -lrc) so other programs can make use of it.

I didn't know. Where did you find this ?

Thanks,
Jil




Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Erik Hahn
On Mon, Oct 06, 2008 at 08:41:58AM +0200, Jil Larner wrote:
> Hi,
>
> Erik Hahn wrote:
>> It doesn't run the command as root but as normal user (it isn't setuid
>> either). All it does is setting the *variables* $USER and $HOME to the
>> wrong values.
>>
> Oh, I read too quickly :x And by the way didn't give the right command
> switch that are --chuid --user and --env. These should give you the
> result you wish. Should the program automatically set correct home and
> user ? I'd say this could be great, so you may report it as a bug or,
> more probably, as a feature request.

No, it simply shouldn't change them, there's no reason to do that (to my
knowledge).
 
>> This implementation is not by Debian:
>>
>> This is a complete re-implementation with the process finding code in
>> the OpenRC library (librc, -lrc) so other programs can make use of it.
>
> I didn't know. Where did you find this ?

Man page.

-Erik

-- 
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR



Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Daniel Pielmeier
2008/10/6 Erik Hahn [EMAIL PROTECTED]:
> No, it simply shouldn't change them, there's no reason to do that (to my
> knowledge).

If start-stop-daemon is executed by a normal user it should either not
change the user to root or deny the execution if the user is not root.
I think it is a big security issue if a normal user could start
arbitrary daemons with root privileges. So you should file a bug at
bugs.gentoo.org or better a new ticket at
roy.marples.name/projects/openrc/wiki.

I think only root should be able to execute start-stop-daemon and the
user should be changed with the proper command line switches. I
actually don't know if it is --chuid or --user as this has changed
between old baselayout and new openrc.

-- 
Regards,
Daniel



Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Erik Hahn
On Mon, Oct 06, 2008 at 02:27:11PM +0200, Daniel Pielmeier wrote:
> 2008/10/6 Erik Hahn [EMAIL PROTECTED]:
>> No, it simply shouldn't change them, there's no reason to do that (to my
>> knowledge).
>
> I think it is a big security issue if a normal user could start
> arbitrary daemons with root privileges. So you should file a bug at

It doesn't give anyone root privileges, it only sets wrong variables.
 
> I think only root should be able to execute start-stop-daemon and the
> user should be changed with the proper command line switches. I
> actually don't know if it is --chuid or --user as this has changed
> between old baselayout and new openrc.

Why's that? Running a program with user privileges is no security
problem at all. 

-Erik

-- 
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR
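
The distinction argued over in the messages above (the uid a process runs with versus the `$USER` and `$HOME` strings it inherits), as an added example that is not part of the thread and is not OpenRC code. The helper name `env_identity_mismatch` and the flag names are hypothetical; it compares the environment with the passwd entry for the effective uid, which is the source a program should trust.

```c
/* Added example: compare $USER/$HOME with the account the kernel says we run as. */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define ENV_USER_MISMATCH 0x1
#define ENV_HOME_MISMATCH 0x2

/* Hypothetical helper: returns a bitmask of the variables that disagree with
 * the passwd entry. An unset variable (NULL) is not counted as a mismatch. */
int env_identity_mismatch(const struct passwd *pw,
                          const char *env_user, const char *env_home)
{
    int flags = 0;
    if (env_user != NULL && strcmp(env_user, pw->pw_name) != 0)
        flags |= ENV_USER_MISMATCH;
    if (env_home != NULL && strcmp(env_home, pw->pw_dir) != 0)
        flags |= ENV_HOME_MISMATCH;
    return flags;
}

int main(void)
{
    /* The effective uid decides privileges; the environment is only strings. */
    uid_t euid = geteuid();
    const struct passwd *pw = getpwuid(euid);
    if (pw == NULL) {
        fprintf(stderr, "no passwd entry for uid %lu\n", (unsigned long)euid);
        return 2;
    }
    int flags = env_identity_mismatch(pw, getenv("USER"), getenv("HOME"));
    printf("euid=%lu account=%s home=%s\n",
           (unsigned long)euid, pw->pw_name, pw->pw_dir);
    if (flags & ENV_USER_MISMATCH)
        printf("USER=%s does not match the account\n", getenv("USER"));
    if (flags & ENV_HOME_MISMATCH)
        printf("HOME=%s does not match the account\n", getenv("HOME"));
    return flags ? 1 : 0;
}
```

Started through a wrapper that exports USER=root and HOME=/root while keeping a normal uid, this reports both mismatches and exits with status 1.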



Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Daniel Pielmeier
Erik Hahn wrote on 06.10.2008 20:21:
> On Mon, Oct 06, 2008 at 02:27:11PM +0200, Daniel Pielmeier wrote:
>> 2008/10/6 Erik Hahn [EMAIL PROTECTED]:
>>> No, it simply shouldn't change them, there's no reason to do that (to my
>>> knowledge).
>> I think it is a big security issue if a normal user could start
>> arbitrary daemons with root privileges. So you should file a bug at
>
> It doesn't give anyone root privileges, it only sets wrong variables.
>
>> I think only root should be able to execute start-stop-daemon and the
>> user should be changed with the proper command line switches. I
>> actually don't know if it is --chuid or --user as this has changed
>> between old baselayout and new openrc.
>
> Why's that? Running a program with user privileges is no security
> problem at all.

I got the intention the program is started with root privileges when
using start-stop-daemon.

Nevertheless I can reproduce your problem with the wrong variables. I
think it should set the variables appropriate for the user running
start-stop-daemon. So you should file a bug report about that.

Regards,

Daniel



[gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-05 Thread Erik Hahn
I'm using start-stop-daemon for making sure rc.wmii runs only once (If
you don't know wmii's way of handling configs: it doesn't matter).
Although I run it as user, it sets USER=root and HOME=/root. Is this
behaviour expected or should I file a bug?

-Erik
-- 
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR



Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-05 Thread Erik Hahn
On Sun, Oct 05, 2008 at 08:54:25PM +0200, Jil Larner wrote:
> You may wish to specify the --user parameter. As this tool is for system
> daemons (therefore located in /sbin), it seems obvious it starts daemons
> as root by default. I checked on my system and I don't have a setuid bit
> on this program, no more it starts any program when my wheel user
> executes the command. I've no error code, but no process is spawned.

It doesn't run the command as root but as normal user (it isn't setuid
either). All it does is setting the *variables* $USER and $HOME to the
wrong values.

> If your non root user escalates privileges and is able to spawn a root
> process, *and* there is no setuid bit on /sbin/start-stop-daemon, you
> may file a bug, if you have a procedure to reproduce it ;) Honestly, as
> it is a quite old debian tool, I don't think it's buggy ;)

This implementation is not by Debian:

 This is a complete re-implementation with the process finding code in 
 the OpenRC library (librc, -lrc) so other programs can make use of it. 

-Erik

-- 
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR