Re: [alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible
On Tue, May 26, 2015 at 04:32:01AM -0500, William Pitcock wrote:
> I would like to see a general reduction of SUID binaries where
> possible. For example, a lot of APKBUILDs have options=suid when
> there's probably no real reason for it.
> Examples include ...
Perhaps a workaround for grsec limits on sysfs/procfs permissions?
> main/man (i have no idea why you need SUID to view manpages???)
On Debian, this is an install-time choice: suid allows caching manpages
in "catdoc" (preformatted text) format.
> main/mate-applets (why would we ever give a GUI defacto root???)
I'd guess this might be the same as atop.
Something to do with ptys, I'm not sure exactly what.
A screensaver needs to be able to lock the screen, and presumably
also require a password.
Received on Tue May 26 2015 - 06:46:44 GMT