https://bugzilla.suse.com/show_bug.cgi?id=1212862 Bug ID: 1212862 Summary: AUDIT-1: shadowsocks-rust: systemd service Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: wolfgang.frisch@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- shadowsocks-rust [0] is a Rust port of shadowsocks [1]. This package ships with 3 systemd services, all running as root:
RPM: shadowsocks-rust-1.15.3-2.1.x86_64.rpm on x86_64 Package: shadowsocks-rust Service path: /usr/lib/systemd/system/shadowsocks-rust-client.service Runs as: root:root Exec lines: ExecStart=/usr/bin/sslocal --log-without-time -c /etc/shadowsocks/shadowsocks-rust.json --tcp-fast-open
RPM: shadowsocks-rust-1.15.3-2.1.x86_64.rpm on x86_64 Package: shadowsocks-rust Service path: /usr/lib/systemd/system/shadowsocks-rust-manager.service Runs as: root:root Exec lines: ExecStart=/usr/bin/ssmanager --log-without-time -c /etc/shadowsocks/shadowsocks-rust.json --tcp-fast-open
RPM: shadowsocks-rust-1.15.3-2.1.x86_64.rpm on x86_64 Package: shadowsocks-rust Service path: /usr/lib/systemd/system/shadowsocks-rust-server.service Runs as: root:root Exec lines: ExecStart=/usr/bin/ssserver --log-without-time -c /etc/shadowsocks/shadowsocks-rust.json --tcp-fast-open
For reference, previous CVEs in the original shadowsocks: [2][3][4] [0] https://github.com/shadowsocks/shadowsocks-rust [1] https://github.com/shadowsocks/shadowsocks-libev [2] https://bugzilla.suse.com/show_bug.cgi?id=1159545 [3] https://bugzilla.suse.com/show_bug.cgi?id=1158251 [4] https://bugzilla.suse.com/show_bug.cgi?id=1158365 -- You are receiving this mail because: You are on the CC list for the bug.