Date: Tue, 26 May 2015 13:04:38 +0300
From: Timo Teras
To: William Pitcock
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible
Message-ID: <20150526130438.4e59e2f5@vostro>

On Tue, 26 May 2015 04:32:01 -0500
William Pitcock wrote:

> I would like to see a general reduction of SUID binaries where
> possible. For example, a lot of APKBUILDs have options=suid when
> there's probably no real reason for it.
>
> Examples include ...
>
> main/apache2
> main/atop
> main/email2trac
> main/fping
> main/fuse
> main/haserl
> main/krb5
> main/mailx
> main/man (I have no idea why you need SUID to view manpages???)
> main/mate-applets (why would we ever give a GUI de facto root???)
> main/nagios-plugins
> main/vte
> main/xscreensaver
>
> We should really investigate why these packages need suid and then fix
> the problems. I guess they want read or write access to some
> filesystem path that is normally hidden. In this case, we should fix
> the filesystem so that we're not hiding junk we don't need to.
> Security by obscurity isn't.

Patches are welcome :)

And now that apk handles xattrs it'd be trivial to use filecap in some
of the cases. E.g. fping should really need only NET_RAW and possibly
NET_BIND_SERVICE. Or perhaps it would even work using the
non-privileged ICMP sockets.

Do note that this also applies to running system daemons as non-root. So
the list of packages is a lot larger. E.g. I just recently converted
strongSwan to run as 'ipsec'.

But yes, this is something we want to work towards. And I hope we get
many patches on this :)

/Timo
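
The review this thread asks for, as an added example that is not part of the original message or of Alpine's tooling: a shell script that inventories setuid files under a tree and shows any file capabilities already set on them. The function names and the sample tree are constructed for illustration; `getcap` from libcap is assumed for reading capabilities.

```shell
#!/bin/sh
# Added example (not from the thread): inventory setuid files under a tree
# so each can be reviewed for replacement with file capabilities.

# list_suid ROOT: print "MODE OWNER PATH" for each regular setuid file.
list_suid() {
    find "$1" -xdev -type f -perm -4000 \
        -exec stat -c '%a %U %n' {} + 2>/dev/null | sort -k3
}

# file_caps PATH: capabilities from the security.capability xattr, "none",
# or "unknown" when getcap (libcap, assumed installed) is missing.
file_caps() {
    command -v getcap >/dev/null 2>&1 || { echo unknown; return 0; }
    caps=$(getcap "$1" 2>/dev/null) || caps=
    if [ -n "$caps" ]; then echo "${caps#"$1" }"; else echo none; fi
}

# audit ROOT: one tab-separated line per setuid file. Root-owned files are
# flagged ROOT-SUID: they run with full root and are the ones to convert.
audit() {
    list_suid "$1" | while read -r mode owner path; do
        flag=review
        [ "$owner" = root ] && flag=ROOT-SUID
        printf '%s\t%s\t%s\tcaps=%s\t%s\n' \
            "$flag" "$mode" "$owner" "$(file_caps "$path")" "$path"
    done
}

# Constructed sample tree; a real audit would point at / or a package's pkgdir.
demo=$(mktemp -d)
mkdir -p "$demo/usr/sbin" "$demo/usr/bin"
: > "$demo/usr/sbin/fping"; chmod 4755 "$demo/usr/sbin/fping"
: > "$demo/usr/bin/less";   chmod 0755 "$demo/usr/bin/less"
audit "$demo"
rm -rf "$demo"
```

A binary that only needs raw sockets can then have its setuid bit dropped and `cap_net_raw` granted with `setcap` or `filecap`, which is the conversion the reply proposes for fping.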