[Slackbuilds-users] Syncthing init script on SBo runs as root - security risk?
Sebastian Arcus
s.arcus at open-t.co.uk
Thu Dec 31 08:59:12 UTC 2015
On 31/12/15 08:45, henkjan gersen wrote:
Hi Henkjan,
> The current version of Syncthing on SBo installs an init script that
> runs the daemon as root, which seems a security risk to me and goes
> against the advice on the Syncthing wiki:
> http://docs.syncthing.net/users/autostart.html#run-independent-of-user-login
>
> There was a thread on the mailing-list in June with patches that run
> Syncthing as an unprivileged user, see
> http://lists.slackbuilds.org/pipermail/slackbuilds-users/2015-June/014347.html
It was I who submitted those suggestions and patches
>
>
> Those patches seem sensible for a situation that where it runs as a
> system daemon and hence appear to be a safer default. Only minor
> mistake appears to be the mention of "Exim" in the suggested group add
> command.
Thanks for catching that
>
> Any progress on fixing this or is it intentional that it runs as root?
I was told at the time that the maintainer should approve the changes. I
tried contacting the maintainer, but never heard anything back I'm afraid.
More information about the SlackBuilds-users
mailing list