Re: [alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible
On Tue, 26 May 2015 04:32:01 -0500
William Pitcock <nenolod_at_dereferenced.org> wrote:
> I would like to see a general reduction of SUID binaries where
> possible. For example, a lot of APKBUILDs have options=suid when
> there's probably no real reason for it.
> Examples include ...
> main/man (I have no idea why you need SUID to view manpages???)
> main/mate-applets (why would we ever give a GUI de facto root???)
> We should really investigate why these packages need suid and then fix
> the problems. I guess they want read or write access to some
> filesystem path that is normally hidden. In this case, we should fix
> the filesystem so that we're not hiding junk we don't need to.
> Security by obscurity isn't.
Patches are welcome :)
And now that apk handles xattrs it'd be trivial to use filecap in some
of the cases. E.g. fping should really need only NET_RAW and
possibly NET_BIND_SERVICE. Or perhaps it would even work using the
non-privileged ICMP sockets.
Do note that this also applies to running system daemons as non-root. So
the list of packages is a lot larger. E.g. I just recently converted
strongSwan to run as 'ipsec'.
But yes, this is something we want to work towards. And I hope we get
many patches on this :)
Received on Tue May 26 2015 - 13:04:38 UTC
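
Added example, not part of the original message or of Alpine's tooling: a small audit helper that lists SUID/SGID files under a directory and decodes the `security.capability` xattr that file capabilities are stored in, so a package converted from SUID to NET_RAW can be checked after install. The function names and the sample value are assumptions made for this illustration; the constants are from linux/capability.h.

```python
import os
import stat
import struct

VFS_CAP_REVISION_MASK = 0xFF000000      # constants from linux/capability.h
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> 32-bit sets
CAP_NAMES = {10: "NET_BIND_SERVICE", 12: "NET_ADMIN", 13: "NET_RAW", 21: "SYS_ADMIN"}

def decode_filecap(blob):
    """Decode a security.capability xattr value (struct vfs_cap_data)."""
    magic = struct.unpack_from("<I", blob)[0] if len(blob) >= 4 else 0
    words = WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None or len(blob) < 4 + 8 * words:
        raise ValueError("unknown or truncated vfs_cap_data")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)

    def names(mask):
        return sorted(CAP_NAMES.get(b, "CAP_%d" % b) for b in range(64) if mask >> b & 1)

    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": names(permitted), "inheritable": names(inheritable)}

def audit(root):
    """List regular files under root that are SUID/SGID or carry file capabilities."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((path, "suid/sgid", oct(st.st_mode & 0o7777)))
            try:
                blob = os.getxattr(path, "security.capability", follow_symlinks=False)
            except (OSError, AttributeError):
                continue  # no xattr set, or no xattr support on this platform
            findings.append((path, "filecap", decode_filecap(blob)))
    return findings

# Constructed sample: the value `setcap cap_net_raw+ep` stores
# (revision 2, effective flag set, only bit 13 in the permitted set).
SAMPLE = struct.pack("<IIIII", 0x02000000 | VFS_CAP_FLAGS_EFFECTIVE, 1 << 13, 0, 0, 0)
```

Running `audit("/usr/bin")` before and after a package change shows whether an entry moved from "suid/sgid" to a "filecap" finding with only the expected capabilities.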