[Secure-testing-team] Bug#806901: citadel: Runs as root but shouldn't
John Goerzen
jgoerzen at complete.org
Wed Dec 2 16:49:11 UTC 2015
Source: citadel
Version: 9.01-1+b1
Severity: important
Tags: security patch
Hi,

This server runs as root by default, but shouldn't. It spews warnings
over the console about it. The culprit is likely this line, which is
present in upstream's postinst but missing in ours:

    export CITADEL_UID=`grep ^citadel: /etc/passwd | cut -d : -f 3`

(They have it right after export CITADEL_INSTALLER=yes)

The log message is:

    Dec 01 21:54:59 citadel citserver[480]: citadel should not be configured to run as root! Check the value of c_ctdluid

-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
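
Added example, not part of the original report and not code from Citadel or the Debian packaging: a check a maintainer script could run before exporting CITADEL_UID, so that a missing account or a UID of 0 stops the script instead of passing silently. The function names resolve_service_uid and sample_passwd and the sample passwd entries are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example: look up a service account's UID in a passwd-format file
# (the same field the upstream postinst line extracts) and fail closed
# when the result is missing, malformed, or 0.

# resolve_service_uid USER [PASSWD_FILE]
# Prints the numeric UID on stdout.
# Returns 1 if the account is absent, 2 if the UID field is not numeric,
# 3 if the UID is 0 (root).
resolve_service_uid() {
    user=$1
    passwd_file=${2:-/etc/passwd}   # overridable so the check can run offline

    # Exact comparison on the first field, then take the third (UID) field.
    uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$passwd_file")

    [ -n "$uid" ] || { echo "no such account: $user" >&2; return 1; }
    case $uid in
        *[!0-9]*) echo "non-numeric UID for $user: $uid" >&2; return 2 ;;
    esac
    [ "$uid" -ne 0 ] || { echo "$user maps to UID 0, refusing" >&2; return 3; }

    printf '%s\n' "$uid"
}

# Constructed sample data (not taken from the bug report).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
citadel:x:112:118:Citadel:/var/lib/citadel:/bin/false
svcroot:x:0:0:constructed UID-0 alias:/root:/bin/false
EOF
}

# Typical use in a maintainer script (assumption, shown as a comment only):
#   CITADEL_UID=$(resolve_service_uid citadel) || exit 1
#   export CITADEL_UID
```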