There is no particular reason to run shadowsocks-libev as root whatsoever. Please consider running it as dedicated user or nobody:nogroup to avoid system damage in CVE cases, such as https://bugs.gentoo.org/634422.
Maintainer, please give your input on this.
(In reply to John Helmert III (ajak) from comment #1) > Maintainer, please give your input on this. sounds good to me, I almost have the fixes ready, will push once tested
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34fde22d157226fb9bae167225265d6724588186 commit 34fde22d157226fb9bae167225265d6724588186 Author: Yixun Lan <dlan@gentoo.org> AuthorDate: 2020-09-26 15:05:20 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2020-09-27 08:14:10 +0000 net-proxy/shadowsocks-libev: run as non-privilege user * fix security issue, run as non-root user * use systemd unit files from the package source Bug: https://bugs.gentoo.org/731058 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: Yixun Lan <dlan@gentoo.org> .../files/shadowsocks-libev-local_at.service | 11 ----------- .../files/shadowsocks-libev-redir_at.service | 11 ----------- .../files/shadowsocks-libev-server_at.service | 11 ----------- .../files/shadowsocks-libev-tunnel_at.service | 11 ----------- net-proxy/shadowsocks-libev/files/shadowsocks.initd | 9 ++++++--- ...s-libev-3.3.4.ebuild => shadowsocks-libev-3.3.4-r1.ebuild} | 11 ++++++----- 6 files changed, 12 insertions(+), 52 deletions(-)
Thanks dlan. Looks like all is fixed here.
