| 1 |
On Sun, Oct 05, 2008 at 08:54:25PM +0200, Jil Larner wrote: |
| 2 |
> You may wish to specify the --user parameter. As this tool is for system |
| 3 |
> daemons (therefore located in /sbin), it seems obvious it starts daemons |
| 4 |
> as root by default. I checked on my system and I don't have a setuid bit |
| 5 |
> on this program, no more it starts any program when my wheel user |
| 6 |
> executes the command. I've no error code, but no process is spawned. |
| 7 |
|
| 8 |
It doesn't run the command as root but as normal user (it isn't setuid |
| 9 |
either. All it does is setting the *variables* $USER and $HOME to the |
| 10 |
wrong values. |
| 11 |
|
| 12 |
> If your non root user escalates privileges and is able to spawn a root |
| 13 |
> process, *and* there is no setuid bit on /sbin/start-stop-daemon, you |
| 14 |
> may fill a bug, if you have a procedure to reproduce it ;) Honestly, as |
| 15 |
> it is a quite old debian tool, I don't think it's buggy ;) |
| 16 |
|
| 17 |
This implementation is not by Debian: |
| 18 |
|
| 19 |
> This is a complete re-implementation with the process finding code in |
| 20 |
> the OpenRC library (librc, -lrc) so other programs can make use of it. |
| 21 |
|
| 22 |
-Erik |
| 23 |
|
| 24 |
-- |
| 25 |
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR |
Archives