Mail archive

Re: [alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible

From: Timo Teras <>
Date: Tue, 26 May 2015 13:04:38 +0300

On Tue, 26 May 2015 04:32:01 -0500
William Pitcock <> wrote:

> I would like to see a general reduction of SUID binaries where
> possible. For example, a lot of APKBUILDs have options=suid when
> there's probably no real reason for it.
> Examples include ...
> main/apache2
> main/atop
> main/email2trac
> main/fping
> main/fuse
> main/haserl
> main/krb5
> main/mailx
> main/man (I have no idea why you need SUID to view manpages???)
> main/mate-applets (why would we ever give a GUI de facto root???)
> main/nagios-plugins
> main/vte
> main/xscreensaver
> We should really investigate why these packages need suid and then fix
> the problems. I guess they want read or write access to some
> filesystem path that is normally hidden. In this case, we should fix
> the filesystem so that we're not hiding junk we don't need to.
> Security by obscurity isn't.

Patches are welcome :)

And now that apk handles xattrs it'd be trivial to use filecap in some
of the cases. E.g. fping should really need only NET_RAW and
possibly NET_BIND_SERVICE. Or perhaps it would even work using the
non-privileged ICMP sockets.

Do note that this also applies to running system daemons as non-root. So
the list of packages is a lot larger. E.g. I just recently converted
strongSwan to run as 'ipsec'.

But yes, this is something we want to work towards. And I hope we get
many patches on this :)


Received on Tue May 26 2015 - 13:04:38 UTC
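
Added example, not part of the original thread and not Alpine's own tooling: a POSIX shell helper for the audit the thread asks for, listing which packages declare suid in their APKBUILD options and which files in a built package tree actually carry the setuid bit, so each can be reviewed for a file capability or a dedicated service user instead. The function names are hypothetical, and it assumes an aports checkout laid out as <repo>/<pkg>/APKBUILD with the options= assignment on a single line.

```shell
#!/bin/sh
# Added example (not Alpine tooling). Function names are hypothetical.
# Assumes an aports checkout laid out as <repo>/<pkg>/APKBUILD with the
# options= assignment on a single line.

# Print "repo/pkg" for each APKBUILD whose options contain the word "suid".
list_suid_options() {
    for f in "$1"/*/*/APKBUILD; do
        [ -f "$f" ] || continue
        # Keep only options= assignments, drop trailing comments and quotes.
        opts=$(sed -n 's/^[[:space:]]*options=//p' "$f" |
               sed 's/#.*//' | tr -d "\"'" | tr '\n\t' '  ')
        case " $opts " in
            *" suid "*)
                pkgdir=${f%/APKBUILD}
                repo=${pkgdir%/*}
                echo "${repo##*/}/${pkgdir##*/}" ;;
        esac
    done
}

# Print every regular file under a built package tree that carries the
# setuid bit, so each one can be reviewed individually.
list_setuid_files() {
    find "$1" -type f -perm -4000 | sort
}

# Usage: audit.sh <aports-root> [<pkgdir>]
if [ $# -ge 1 ]; then
    list_suid_options "$1"
    [ $# -lt 2 ] || list_setuid_files "$2"
fi
```

A package that appears in the first list but has no file in the second is a candidate for simply dropping the option.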