[alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible
I would like to see a general reduction of SUID binaries where
possible. For example, a lot of APKBUILDs have options=suid when
there's probably no real reason for it.
Examples include ...
main/man (i have no idea why you need SUID to view manpages???)
main/mate-applets (why would we ever give a GUI defacto root???)
We should really investigate why these packages need suid and then fix
the problems. I guess they want read or write access to some
filesystem path that is normally hidden. In this case, we should fix
the filesystem so that we're not hiding junk we don't need to.
Security by obscurity isn't.
Received on Tue May 26 2015 - 04:32:01 UTC