[Slackbuilds-users] Syncthing init script on SBo runs as root - security risk?
s.arcus at open-t.co.uk
Thu Dec 31 08:59:12 UTC 2015
On 31/12/15 08:45, henkjan gersen wrote:
> The current version of Syncthing on SBo installs an init script that
> runs the daemon as root, which seems a security risk to me and goes
> against the advice on the Syncthing wiki:
> There was a thread on the mailing-list in June with patches that run
> Syncthing as an unprivileged user, see
It was I who submitted those suggestions and patches
> Those patches seem sensible for a situation that where it runs as a
> system daemon and hence appear to be a safer default. Only minor
> mistake appears to be the mention of "Exim" in the suggested group add
Thanks for catching that
> Any progress on fixing this or is it intentional that it runs as root?
I was told at the time that the maintainer should approve the changes. I
tried contacting the maintainer, but never heard anything back I'm afraid.
More information about the SlackBuilds-users