On Sun, Oct 05, 2008 at 08:54:25PM +0200, Jil Larner wrote:
> You may wish to specify the --user parameter. As this tool is for system
> daemons (therefore located in /sbin), it seems obvious it starts daemons
> as root by default. I checked on my system and I don't have a setuid bit
> on this program, no more it starts any program when my wheel user
> executes the command. I've no error code, but no process is spawned.
It doesn't run the command as root but as normal user (it isn't setuid
either. All it does is setting the *variables* $USER and $HOME to the
wrong values.
> If your non root user escalates privileges and is able to spawn a root
> process, *and* there is no setuid bit on /sbin/start-stop-daemon, you
> may fill a bug, if you have a procedure to reproduce it ;) Honestly, as
> it is a quite old debian tool, I don't think it's buggy ;)
This implementation is not by Debian:
> This is a complete re-implementation with the process finding code in
> the OpenRC library (librc, -lrc) so other programs can make use of it.
-Erik
--
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR
