On 07/03/2016 16:06, Luis Ressel wrote:
> I'm aware of this. What's so bad about people being able to run
> s6-linux-init-maker without root permissions?
What is so bad is that the produced output is not suitable for booting:
files will be owned by a non-root user, who then has the necessary permissions
to meddle with the boot process.

If I make s6-linux-init-maker available to non-root users, people will run it
as a non-root user, then attempt to use the produced scripts for booting, and it
will either fail, or succeed while opening a giant security hole. The use case
you are suggesting is valid, but does not balance the risk.

If you do not have root privileges and still want to run s6-linux-init-maker,
download and compile the package yourself - the binary will still have 0755
rights, but you will own it.
--
Laurent
Received on Mon Mar 07 2016 - 16:05:45 UTC
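
A pre-boot check for the ownership problem described in the message above, as an added example (not part of the original message and not code from s6-linux-init): it lists every entry in a generated directory that is not owned by root. As a generalization it also flags entries writable by group or others. The function name audit_boot_tree and its optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# audit_boot_tree DIR [OWNER_UID]
# Hypothetical helper: prints every path under DIR that is not owned by
# OWNER_UID (default 0, i.e. root) or that is writable by group or others.
# Returns 0 if the tree is clean, 1 if anything was flagged, 2 on bad input.
audit_boot_tree() {
    dir=$1
    owner=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "audit_boot_tree: not a directory: $dir" >&2
        return 2
    fi

    # find uses lstat() here, so a symlink is judged by its own owner.
    # Symlink mode bits are meaningless, so permission tests skip them.
    bad=$(find "$dir" \( ! -user "$owner" \
            -o \( ! -type l \( -perm -0020 -o -perm -0002 \) \) \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# When invoked with arguments, audit the given directory.
if [ "$#" -gt 0 ]; then
    audit_boot_tree "$@"
fi
```

A non-empty listing means some non-root account can modify what runs at boot; the directory should be regenerated as root rather than patched up afterwards.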