the init.d script provided, would normally start mlnet as user ${USER}. with newer versions (mine is 2.9.0-r1) it wont, resulting in a p2p-application running with root-privileges. I labeled this bug "Major" as it might open the door for anyone exploiting the mlnet-application providing them with root-access. I did not label this bug "Critical" as to my knowledge, there are no current exploits known for that version of mlnet. Suggestions for a fix: line: 32 of init.d/mldonkey: add the parameter --chuid "${USER}" to the start-stop-daemon call in the start()-function. (possibly --user "${USER}" was mistaken to provide chuid) Reproducible: Always Steps to Reproduce: 1. change conf.d/mldonkey value of USER to the username you want mlnet running as. 2. execute /etc/init.d/mldonkey start 3. ps aux | grep mlnet Actual Results: mlnet running with root-uid: # ps aux | grep mlnet root 12699 13.7 5.3 52880 39784 ? RNsl 11:30 0:10 /usr/bin/mlnet Expected Results: mlnet running with ${USER}-uid: # ps aux | grep mlnet p2p 13078 82.7 2.0 20104 15184 ? RNs 11:35 0:03 /usr/bin/mlnet
Which baselayout version are you using?
baselayout-1.12.9-r2
Well, then upgrade to baselayout-2 and it will work. :)
Fixed in -r2, thanks
I've also changed s-s-d for baselayout-2 so that --user foo does the same as --chuid foo in case there are other instances of this.
Hi, it seems that something went wrong with this update... Mldonkey doensn't start and doesn't log anything... Please see http://forums.gentoo.org/viewtopic-p-4194851.html Thanks -ermanno
The problem was that many files used by mldonkey were owned by root. That's why mldonkey-2.9.0-r2 wasn't working and wasn't logging. Changing the owner back to p2p solved the problem. Thanks and sorry for buggin around... -ermanno