Fixed in 0.30.210 """snip""" I tried to use "vserver [servername] suexec [username] [command]" in my startup scripts, but instead of running as the user I expected, the process ran as root within the vserver. I learned that suexec takes a userid Number, instead of a username String. Since the usual result of pushing alphabetical characters through a convert-to-number function is 0, which is the userid of root... Invalid parameters should al least return an error, not run with extra priviledges. =) """snip"""
thi has not been fixed in 0.30.210, the patch has been added to 0.30.210-r12 and hopefully it will get in 0.30.211 upstream... although r12 is in for a few days, i made it stable, previous revisions got massive testing anyway..
This is ready for GLSA decision. I vote a full NO. Not even sure it's a security issue.
Full NO and closing.