[pkg-go] Bug#1001147: syncthing.service appears to be enabled for all users
Francois Marier
francois at debian.org
Sun Dec 5 08:53:55 GMT 2021
Package: syncthing
Version: 1.18.0~ds1-1
Severity: normal
I've noticed a couple of odd things in my logs since a recent SyncThing
upgrade.
The first one is that a new SyncThing device I can't identify is now being
advertised from my laptop. The ID I see being advertised is not the one I
use on that device.
Secondly, I see the following in my logs:
Dec 4 07:40:13 akranes syncthing[1962943]: WARNING: Failure on home directory: mkdir /bin/.config: permission denied
which suggests that SyncThing is trying to run with one of the system user
accounts that have /bin/ as their homedir:
$ grep :/bin: /etc/passwd
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
Finally, I found Sync directories in odd places:
/var/lib/gdm3/Sync
/var/spool/email-reminder/Sync
I'm not an expert in systemd service files, but this suggests to me that
SyncThing is being run from many user accounts which really shouldn't run
it. They should especially not creating new directories and start sharing
them on the network.
Francois
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages syncthing depends on:
ii init-system-helpers 1.60
ii libc6 2.32-4
syncthing recommends no packages.
syncthing suggests no packages.
-- no debconf information
More information about the Pkg-go-maintainers
mailing list