The sqlgrey systemd service can be improved and hardened. I suggest that User=sqlgrey and Group=sqlgrey be added to match what the build sets up already (eliminating sqlgrey ever running as root). PIDFile=/run/sqlgrey.pid should also be specified.

These hardening options should be added:

CapabilityBoundingSet=
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
https://github.com/gentoo/gentoo/pull/1800
Doesn't sqlgrey drop privileges itself?
(In reply to Michał Górny from comment #2)
> Doesn't sqlgrey drop privileges itself?

It does. But why trust if we don't have to? IMHO it's better to never have privileges rather than have them only to drop them. With the "never have privileges" approach, no one has to trust that the dropping is done correctly, that there isn't a vulnerability before dropping, that there isn't a way to get back root after dropping, or any number of other problems.
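To make the proposal in comment #1 and the "never have privileges" argument above concrete, here is a drop-in override that applies those directives. This is an added illustration, not the unit shipped by the Gentoo package or the commit that fixed this bug. The ExecStart path, the Type= setting and the use of RuntimeDirectory= are assumptions made for the example; the PID file location differs from the one proposed in the bug for the reason given in the comments.

```ini
# /etc/systemd/system/sqlgrey.service.d/hardening.conf  (example drop-in, assumed path)
#
# Left side: the directives proposed in the bug.  Right side / comments: what a
# defender should check before enabling each one.

[Service]
# Start as the unprivileged account the build already creates, instead of
# starting as root and relying on sqlgrey's own setuid()/setgid() drop.
User=sqlgrey
Group=sqlgrey

# With User= set, the daemon can no longer create /run/sqlgrey.pid itself
# (top-level /run is root-owned).  Let systemd create a per-service directory
# owned by sqlgrey and point PIDFile= into it.  PIDFile= is only consulted
# when Type=forking; for a non-forking daemon drop both lines.
# (Type=forking and the -d flag are assumptions for this example.)
Type=forking
ExecStart=
ExecStart=/usr/sbin/sqlgrey -d
RuntimeDirectory=sqlgrey
PIDFile=/run/sqlgrey/sqlgrey.pid

# An empty bounding set removes every capability, so even a compromised
# process cannot regain CAP_SETUID/CAP_NET_BIND_SERVICE etc.
CapabilityBoundingSet=

# No setuid/setgid/fscaps escalation via execve() for the whole process tree.
NoNewPrivileges=yes

# Private /tmp and /var/tmp: note that this hides any database UNIX socket
# placed in /tmp (a common MySQL default).  Use a TCP or /run socket instead.
PrivateTmp=yes

# Only pseudo-devices (null, zero, random, ...) are visible.
PrivateDevices=yes

# /usr, /boot and /etc become read-only; add ReadWritePaths= only for
# directories sqlgrey genuinely writes to (none are assumed here).
ProtectSystem=full

# /home, /root and /run/user are inaccessible.
ProtectHome=yes
```

After `systemctl daemon-reload`, `systemd-analyze security sqlgrey.service` scores the effective sandbox and lists which of these directives are still missing, and `systemd-analyze verify /etc/systemd/system/sqlgrey.service.d/hardening.conf` catches typos such as a misspelled directive name (which systemd would otherwise silently ignore). The functional check is a greylisting round-trip through Postfix with the database backend actually in use, since PrivateTmp= and ProtectSystem= are the two options most likely to break a socket path or a writable directory the daemon assumed.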
It looks to me that this was fixed years ago by @mgorny via https://github.com/gentoo/gentoo/commit/1a34370c22e9d57dbf10f3830528b19c17704d5d and thus can be closed as fixed.
thanks