Date: Tue, 26 May 2015 13:55:37 +0200
From: Natanael Copa
To: William Pitcock
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible

On Tue, 26 May 2015 04:32:01 -0500
William Pitcock wrote:

> Hello,
>
> I would like to see a general reduction of SUID binaries where
> possible. For example, a lot of APKBUILDs have options=suid when
> there's probably no real reason for it.

yes. i'd love to clean up this.

>
> Examples include ...
>
> main/apache2
> main/atop
> main/email2trac
> main/fping
> main/fuse
> main/haserl
> main/krb5
> main/mailx
> main/man (i have no idea why you need SUID to view manpages???)

!!!? let's purge it. mdoc-ml is there. i think there is also a mandb or
something from GNU.

> main/mate-applets (why would we ever give a GUI de facto root???)
> main/nagios-plugins
> main/vte
> main/xscreensaver

I suspect many of them need major refactoring for fixing it properly.
For example, kernel now has support for icmp echo without root, but i
have not been able to make it work. you need to refactor the ping
applications. IIRC fping tries to open the socket with SOCK_DGRAM and
falls back to SOCK_RAW (which requires root). I think this works on OSX,
but to make it work on linux you need to refactor lots of other stuff too.

> We should really investigate why these packages need suid and then fix
> the problems. I guess they want read or write access to some
> filesystem path that is normally hidden. In this case, we should fix
> the filesystem so that we're not hiding junk we don't need to.
> Security by obscurity isn't.

Yes. we should try to fix as many as possible.

>
> William
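
The SOCK_DGRAM-then-SOCK_RAW fallback described in the reply above, as an added C example that is not part of the original mail and is not fping's code. On Linux the datagram ICMP socket is only granted to groups inside the net.ipv4.ping_group_range sysctl (kernel default "1 0", an empty range), so the probe also reads that setting; the function names are hypothetical.

```c
/* Added example (hypothetical names): probe for unprivileged ICMP echo. */
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

enum ping_mode { PING_NONE = 0, PING_DGRAM, PING_RAW };

/* Return 1 if gid lies inside a "low high" range as read from
 * /proc/sys/net/ipv4/ping_group_range, 0 if not, -1 on parse error.
 * The kernel default "1 0" is an empty range: no group qualifies. */
int gid_in_ping_range(const char *range, unsigned long gid)
{
    unsigned long lo, hi;
    if (sscanf(range, "%lu %lu", &lo, &hi) != 2)
        return -1;
    return gid >= lo && gid <= hi;
}

/* Try the datagram ICMP socket first (no root or setuid bit needed when the
 * range allows it), then SOCK_RAW, which needs CAP_NET_RAW. Returns fd or -1. */
int open_ping_socket(enum ping_mode *mode)
{
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (fd >= 0) { *mode = PING_DGRAM; return fd; }
    fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd >= 0) { *mode = PING_RAW; return fd; }
    *mode = PING_NONE;
    return -1;
}

int main(void)
{
    static const char *names[] = { "none", "SOCK_DGRAM", "SOCK_RAW" };
    char buf[64] = "";
    FILE *f = fopen("/proc/sys/net/ipv4/ping_group_range", "r");
    if (f) {
        if (fgets(buf, sizeof buf, f))
            printf("ping_group_range %s", buf);
        fclose(f);
    }
    /* Supplementary groups count too; only the egid is checked here. */
    printf("egid in range: %d\n", gid_in_ping_range(buf, getegid()));
    enum ping_mode mode;
    int fd = open_ping_socket(&mode);
    printf("socket type obtained: %s\n", names[mode]);
    if (fd >= 0) close(fd);
    return mode == PING_NONE;
}
```

Run without the setuid bit: "SOCK_DGRAM" means the binary can drop options=suid as far as socket creation goes, while "none" with an empty range means the sysctl has to be widened first.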