Open BanzaiMan opened 9 years ago
Ran tests and found setuid bits by purely textual search. Further analysis is required.
If these are found to be benign, add:
runit
See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72545650.
That's strange, I've been using runit on Gentoo Linux for years, and it doesn't have any SUID binaries.
Any progress here? Maybe you can just drop the SUID bit from these binaries? BTW, which binaries are SUID?
There are a few occurrences of setuid and setgid. https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72545650#L673
Oh, you mean in sources. Yeah, runit contains the chpst tool, which is supposed to be used to "change process state", including lowering privileges to run system services as a non-root user. http://manpages.ubuntu.com/manpages/gutsy/man8/chpst.8.html
The /usr/bin/chpst tool itself isn't SUID, so the only way to use these setuid/setgid syscalls is to call chpst as root to lower privileges.
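The distinction drawn in the comments above, between the word setuid appearing in source and a file actually carrying the SUID mode bit, can be checked as follows. This is an added example, not part of the thread or of the apt-whitelist-checker code; the function names, the sample tree and the `demo-suid` file are constructed for illustration.

```shell
#!/bin/sh
# Added example: textual "setuid" matches versus real setuid/setgid mode bits.
# All names and the sample tree below are constructed for illustration.

# Count files under $1 whose contents mention setuid or setgid (textual search).
textual_hits() {
    grep -rlE 'set(uid|gid)' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# List files under $1 that carry the setuid (4000) or setgid (2000) mode bit.
mode_bit_hits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Classify a tree: "mode-bits" if any file is really SUID/SGID,
# "text-only" if the only evidence is a textual match, otherwise "clean".
classify() {
    t=$(textual_hits "$1")
    m=$(mode_bit_hits "$1" | wc -l | tr -d ' ')
    if [ "$m" -gt 0 ]; then
        echo "mode-bits"
    elif [ "$t" -gt 0 ]; then
        echo "text-only"
    else
        echo "clean"
    fi
}

# Build a constructed sample tree and print its path:
#   src/chpst.c         source text that calls setgid()/setuid() (not real runit code)
#   usr/bin/chpst       ordinary 0755 file, no special mode bits
#   usr/bin/demo-suid   file with the SUID bit set, for contrast
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/src" "$d/usr/bin"
    printf 'if (setgid(gid) == -1) fatal();\nif (setuid(uid) == -1) fatal();\n' \
        > "$d/src/chpst.c"
    printf '#!/bin/sh\nexit 0\n' > "$d/usr/bin/chpst"
    chmod 0755 "$d/usr/bin/chpst"
    printf '#!/bin/sh\nexit 0\n' > "$d/usr/bin/demo-suid"
    chmod 4755 "$d/usr/bin/demo-suid"
    echo "$d"
}
```

Running `classify` on an unpacked package directory shows whether a textual hit is backed by any file that would actually run with elevated privileges.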
This is an automated comment.
Ran tests and found setuid bits by purely textual search. Further analysis is required.
If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/compare/test-apt-package-whitelist-430 and its PR.
Packages found: runit
See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/440490493 for details.
This replaces travis-ci/travis-ci#4433.
The original text by @powerman follows
This is needed for https://magnum.travis-ci.com/inCaller/server-prototype