APT whitelist request for runit

[BanzaiMan]

This replaces travis-ci/travis-ci#4433.

The original text by @powerman follows

---

This is needed for https://magnum.travis-ci.com/inCaller/server-prototype

[BanzaiMan]

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, add:

runit

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72545650.

[powerman]

That's strange, I'm using runit on Gentoo Linux for years, and it doesn't have any SUID binaries.

[powerman]

Any progress here? Maybe you can just drop SUID bit from these binaries? BTW, which binaries are SUID?

[BanzaiMan]

There are a few occurrences of setuid and setgid. https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72545650#L673

[powerman]

Oh, you mean in sources. Yeah, runit contains chpst tool which is supposed to be used to "change process state", including lowering privileges to run system services as non-root user. http://manpages.ubuntu.com/manpages/gutsy/man8/chpst.8.html

The /usr/bin/chpst tool itself isn't SUID, so only way to use these setuid/setgid syscalls is to call chpst as root to lower privileges.

[travisbot]

This is an automated comment.

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/compare/test-apt-package-whitelist-430 and its PR.

Packages found: runit

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/440490493 for details.