On 07/03/2016 16:06, Luis Ressel wrote:
> I'm aware of this. What's so bad about people being able to run s6-linux-init-maker without root permissions?

What is so bad is that the produced output is not suitable for booting: files will be owned by a non-root user, who then has the necessary permissions to meddle with the boot process. If I make s6-linux-init-maker available to non-root users, people will run it as a non-root user, then attempt to use the produced scripts for booting, and it will either fail, or succeed while opening a giant security hole.

The use case you are suggesting is valid, but does not balance the risk. If you do not have root privileges and still want to run s6-linux-init-maker, download and compile the package yourself - the binary will still have 0755 rights, but you will own it.

--
Laurent
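
A check for the ownership problem described in the reply above, as an added example that is not part of the original thread or of s6-linux-init. The function name `audit_boot_tree` and its directory argument are assumptions; pass whichever directory holds the generated scripts.

```shell
#!/bin/sh
# Added example (not from s6-linux-init): audit a directory of generated
# boot scripts before it is used for booting.
#
# audit_boot_tree DIR [UID]
#   Prints every path under DIR that is
#     - not owned by UID (default 0, i.e. root), or
#     - writable by group or by others.
#   Symlinks are exempt from the mode check because their permission
#   bits are not meaningful on Linux; their ownership is still checked.
#   Returns 0 if nothing was found, 1 if there are findings,
#   2 if DIR is not a directory.
audit_boot_tree() {
    dir=$1
    owner=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "audit_boot_tree: not a directory: $dir" >&2
        return 2
    fi

    # A numeric argument to -user is treated as a uid when no account
    # has that string as its login name.
    findings=$(find "$dir" \( ! -user "$owner" -o \
        \( ! -type l \( -perm -0020 -o -perm -0002 \) \) \) -print)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh DIR [UID]
if [ "$#" -gt 0 ]; then
    audit_boot_tree "$@"
fi
```

Any path it prints can be modified by someone other than root, which is the situation the reply warns about.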
