Erik Hahn schrieb am 06.10.2008 20:21: > On Mon, Oct 06, 2008 at 02:27:11PM +0200, Daniel Pielmeier wrote: >> 2008/10/6 Erik Hahn <[EMAIL PROTECTED]>: >>> No, it simply shouldn't change them, there's no reason to do that (to my >>> knowledge). >> I think it is a big security issue if a normal user could start >> arbitrary daemons with root privileges. So you should file a bug at > > It doesn't give anyone root privileges, it only sets wrong variables. > >> I think only root should be able to execute start-stop-daemon and the >> user should be changed with the proper command line switches. I >> actually don't know if it is --chuid or --user as this has changed >> between old baselayout and new openrc. > > Why's that? Running a program with user privileges is no security > problem at all.
I got the intention the program is started with root privileges when using start-stop-daemon. Nevertheless I can reproduce your problem with the wrong variables. I think it should set the variables appropriate for the user running start-stop-daemon. So you should file a bug report about that. Regards, Daniel
