X-Original-To: alpine-devel@mail.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id DBC88DC140D; Thu, 28 May 2015 06:03:17 +0000 (UTC) Received: from ncopa-desktop.alpinelinux.org (unknown [79.160.13.133]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: n@tanael.org) by mail.alpinelinux.org (Postfix) with ESMTPSA id 21F47DC0139; Thu, 28 May 2015 06:03:16 +0000 (UTC) Date: Thu, 28 May 2015 08:03:13 +0200 From: Natanael Copa To: eleksir Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] 3.3 proposal: reduce number of SUID binaries as much as possible Message-ID: <20150528080313.7c08ea9c@ncopa-desktop.alpinelinux.org> In-Reply-To: <5564D539.1050102@exs-elm.ru> References: <20150526134643.GA1825@newbook> <5564D539.1050102@exs-elm.ru> X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP > > On Tue, May 26, 2015 at 04:32:01AM -0500, William Pitcock wrote: > >> I would like to see a general reduction of SUID binaries where > >> possible. For example, a lot of APKBUILDs have options=suid when >> there's probably no real reason for it. On Tue, 26 May 2015 23:19:05 +0300 eleksir wrote: > Sure. Let's remove suid from sudo and su. It will be clever joke when > you try to switch to root and fail. Go ahead you security freak, remove > all suid bits and patch kernel/libc to remove all roots of this suid evil. He said "where possible" and "when there's ... no real reason for it". > C'mon people, stop already this talks about "cleaning" system. Submit > patches, make upstream (not distro maintainers) accept them. We want fix it upstream yes. I still think its a good idea to look over the places and submit bugs upstream. -nc --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---