> Removing suid on pure data partitions (as ITOps does here for home
> directories) is probably a good idea. For the system partitions, I can't
> see it as a good thing - if they are worried about security, a selective
> removal of the suid bit from certain individual binaries is likely a
> better option. But wholesale removal is unlikely to work (that is,
> likely to leave the system crippled in weird ways).

Remember, also, that although nothing is ever perfect, Sun has gone to a lot more trouble to review source for the suid binaries line-by-line and also many of the libraries called by suid binaries, so these DID get more security attention than non-suid binaries.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan Parcel, Sustaining, Trusted OE
(650)786-0044
Trusted Support Pages: http://trusted.sfbay
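
An added example, not part of the original thread: one way to do the selective removal discussed above, by auditing the setuid files on a single filesystem against a reviewed keep-list and clearing the bit only on the rest. The function names and the keep-list format (one absolute path per line, `#` comments) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: selective setuid removal driven by a reviewed keep-list.
# Function names and keep-list format are hypothetical, not from the thread.
# Paths containing newlines are not handled.

# list_suid ROOT
# Print every regular file under ROOT that has the setuid bit set.
# -xdev keeps find on one filesystem, so a data partition and a system
# partition are audited (and decided on) separately.
list_suid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# suid_candidates ROOT KEEPLIST
# Print the setuid files under ROOT that are NOT named in KEEPLIST.
# These are the candidates for having the bit removed.
suid_candidates() {
    root=$1 keep=$2
    list_suid "$root" | while IFS= read -r f; do
        # -F: literal match, -x: whole line, so /bin/su never matches /bin/sudo
        grep -v '^#' "$keep" | grep -Fxq -- "$f" || printf '%s\n' "$f"
    done
}

# strip_suid ROOT KEEPLIST [apply]
# Dry run by default: report what would change. Pass "apply" as the third
# argument to actually clear the setuid bit on each candidate.
strip_suid() {
    suid_candidates "$1" "$2" | while IFS= read -r f; do
        if [ "${3:-}" = apply ]; then
            chmod u-s -- "$f" && printf 'cleared %s\n' "$f"
        else
            printf 'would clear %s\n' "$f"
        fi
    done
}
```

Run the dry run first and review its output before passing `apply`; anything that must stay setuid for the system to work goes into the keep-list.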