[Slackbuilds-users] Syncthing init script on SBo runs as root - security risk?
henkjan gersen
h.gersen at gmail.com
Thu Dec 31 08:45:30 UTC 2015
The current version of Syncthing on SBo installs an init script that runs
the daemon as root, which seems a security risk to me and goes against the
advice on the Syncthing wiki:
http://docs.syncthing.net/users/autostart.html#run-independent-of-user-login
There was a thread on the mailing-list in June with patches that run
Syncthing as an unprivileged user, see
http://lists.slackbuilds.org/pipermail/slackbuilds-users/2015-June/014347.html
Those patches seem sensible for a situation that where it runs as a system
daemon and hence appear to be a safer default. Only minor mistake appears
to be the mention of "Exim" in the suggested group add command.
Any progress on fixing this or is it intentional that it runs as root?
btw) the package is also relatively outdated with Syncthing at 0.12.10 vs
0.11.10 on SBo.
Best wishes,
Henkjan Gersen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20151231/56c4c047/attachment.html>
More information about the SlackBuilds-users
mailing list