Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Jil Larner
Hi, Erik Hahn wrote: It doesn't run the command as root but as normal user (it isn't setuid either). All it does is set the *variables* $USER and $HOME to the wrong values. Oh, I read too quickly :x And by the way, I didn't give the right command switches, which are --chuid --user and --env.

Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Erik Hahn
On Mon, Oct 06, 2008 at 08:41:58AM +0200, Jil Larner wrote: Hi, Erik Hahn wrote: It doesn't run the command as root but as normal user (it isn't setuid either). All it does is set the *variables* $USER and $HOME to the wrong values. Oh, I read too quickly :x And by the way

Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Daniel Pielmeier
2008/10/6 Erik Hahn [EMAIL PROTECTED]: No, it simply shouldn't change them, there's no reason to do that (to my knowledge). If start-stop-daemon is executed by a normal user it should either not change the user to root or deny the execution if the user is not root. I think it is a big security

Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Erik Hahn
On Mon, Oct 06, 2008 at 02:27:11PM +0200, Daniel Pielmeier wrote: 2008/10/6 Erik Hahn [EMAIL PROTECTED]: No, it simply shouldn't change them, there's no reason to do that (to my knowledge). I think it is a big security issue if a normal user could start arbitrary daemons with root

Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-06 Thread Daniel Pielmeier
Erik Hahn wrote on 06.10.2008 20:21: On Mon, Oct 06, 2008 at 02:27:11PM +0200, Daniel Pielmeier wrote: 2008/10/6 Erik Hahn [EMAIL PROTECTED]: No, it simply shouldn't change them, there's no reason to do that (to my knowledge). I think it is a big security issue if a normal user could start

[gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-05 Thread Erik Hahn
I'm using start-stop-daemon for making sure rc.wmii runs only once (If you don't know wmii's way of handling configs: it doesn't matter). Although I run it as user, it sets USER=root and HOME=/root. Is this behaviour expected or should I file a bug? -Erik --

Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?

2008-10-05 Thread Erik Hahn
On Sun, Oct 05, 2008 at 08:54:25PM +0200, Jil Larner wrote: You may wish to specify the --user parameter. As this tool is for system daemons (therefore located in /sbin), it seems obvious it starts daemons as root by default. I checked on my system and I don't have a setuid bit on this