1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1094257: mpris-proxy running as root

    From Salvatore Bonaccorso@21:1/5 to All on Sat May 17 15:30:01 2025
    Hi,

    On Fri, May 09, 2025 at 12:25:11PM -0400, Jeremy Bícha wrote:
    On Fri, May 9, 2025 at 11:27 AM Antonio Russo <aerusso@aerusso.net> wrote:
    I'm tagging this bug as a security bug because it needlessly
    starts a process that should not be running as root.

    Have you sent your patch to the security contact at https://www.bluez.org/development/security-bugs/ yet?

    I noticed that there is a upstream report here: https://lore.kernel.org/linux-bluetooth/a15e6919-9000-4628-baec-a2d2cc327903@aerusso.net/

    FWIW, while there are security concerns, I think it needs to be
    handled upstream first, and Debian not diverge. So once this is
    applied upstream it might or might not flow in time into trixie before
    release.

    I'm looping in as well Guido, original author to add the user systemd
    unit here.

    Guido, what is your take here?

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)