[Python-apps-team] Bug#832758: irkerd.service runs irkerd as root (should run as user "irker")

anarcat anarcat at debian.org
Mon Sep 12 16:15:55 UTC 2016

Control: tags -1 +pending
Control: forwarded https://gitlab.com/esr/irker/merge_requests/15

The following patch should fix that problem:

commit 1980b7cb4239463b581579cc39480774d3e2d2fe
Author: Antoine Beaupré <anarcat at debian.org>
Date:   Mon Sep 12 12:01:44 2016 -0400

    run daemon as the irker user (Close: #832758)
    this is an improvement upon the default .service file. it requires a
    irker user to be created, something which is automatically handled by
    the debian package, but should be handled by other distributions when
    deploying the .service file.
    there are obvious dangers in running irkerd as root: a compromise
    would be catastrophic, and since it runs on public servers that are
    traditionnally pretty hostile (IRC), it seems critical that rights of
    the daemon be limited.

diff --git a/irkerd.service b/irkerd.service
index d19378b..82f39b0 100644
--- a/irkerd.service
+++ b/irkerd.service
@@ -7,6 +7,7 @@ Requires=network.target

I have forwarded it upstream as well.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/python-apps-team/attachments/20160912/36bcf0e7/attachment.sig>

More information about the Python-apps-team mailing list