On 24.08.2025 13:59, Helge Deller wrote:
> In general, just because someone can shoot himself in the foot, you should not remove features. Instead, disabling it by default, and adding a big fat warning if people enable it, is a good way forward.
It is not "someone can shoot himself in the foot". We don't ship a configuration option to make /bin/sh suid root. This would make a lot of use cases work, it would simplify a lot of stuff, etc. But we don't have such an option. This is done for a reason: it breaks the whole system security concept, entirely. You can chmod u+s /bin/sh on any of your systems, but this "configuration item" is not even described in any official docs.

Unfortunately, qemu's C flag is of this same theme. It requires a tiny bit more effort to get root, compared with `chmod u+s /bin/sh`, but it's still a trivial way, just one extra step. In short, the qemu-user C flag breaks the whole system security concept. This is why it not only shouldn't be on by default, but it should not exist at all. And if some system is willing to chmod u+s their /bin/sh, they're free to do so; it's not rocket science and doesn't require a recompile or anything.

/mjt