On Wed, 11.02.15 16:24, Topi Miettinen ([email protected]) wrote:

> On 02/10/15 21:00, Lennart Poettering wrote:
> > On Sat, 07.02.15 10:40, Topi Miettinen ([email protected]) wrote:
> >
> >> No setuid programs are expected to be executed, so add
> >> SecureBits=no-setuid-fixup no-setuid-fixup-locked
> >> to unit files.
> >
> > So, hmm, after reading the man page again: what's the rationale for
> > precisely these bits?
> >
> > I mean no-setuid-fixup seems to be something that applies to setuid(),
> > setresuid() calls and suchlike, which seems pretty uninteresting. Much
> > more interesting is SECBIT_NOROOT, which disables suid binary
> > handling...
>
> Yes, noroot noroot-locked was actually my intention, sorry. I'll update
> the patch.
>
> Maybe all of "noroot noroot-locked no-setuid-fixup
> no-setuid-fixup-locked" would be OK, but that probably needs another
> look at the programs if they switch UIDs.

I'd be careful with more than noroot, since the other flags alter
behaviour across setuid() and similar calls, and much of our code makes
assumptions that will likely not hold if you set those bits...

Lennart

--
Lennart Poettering, Red Hat
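Added example (not part of the thread and not systemd code): a small C
checker that turns a SecureBits= value into the kernel mask and flags
settings that go beyond noroot, the distinction the thread turns on. The
function names and finding codes are hypothetical; the bit values are
those of <linux/securebits.h>.

```c
#include <stdio.h>
#include <string.h>

/* Bit values as in the kernel's <linux/securebits.h>; SB_* names are local. */
enum { SB_NOROOT = 1, SB_NOROOT_LOCKED = 2, SB_NO_SETUID_FIXUP = 4,
       SB_NO_SETUID_FIXUP_LOCKED = 8, SB_KEEP_CAPS = 16, SB_KEEP_CAPS_LOCKED = 32 };
/* Hypothetical finding codes returned by review_securebits(). */
enum { FINDING_ALTERS_SETUID = 1, FINDING_UNLOCKED = 2 };

static const struct { const char *name; int bit; } sb_names[] = {
    { "noroot", SB_NOROOT }, { "noroot-locked", SB_NOROOT_LOCKED },
    { "no-setuid-fixup", SB_NO_SETUID_FIXUP },
    { "no-setuid-fixup-locked", SB_NO_SETUID_FIXUP_LOCKED },
    { "keep-caps", SB_KEEP_CAPS }, { "keep-caps-locked", SB_KEEP_CAPS_LOCKED },
};

/* Parse a SecureBits= value (whitespace-separated names) into a mask;
 * returns -1 on an unknown word so a typo is not silently ignored. */
int parse_securebits(const char *value) {
    int mask = 0;
    const size_t n = sizeof sb_names / sizeof sb_names[0];
    for (const char *p = value; *p; ) {
        size_t i, len = strcspn(p, " \t");
        for (i = 0; len && i < n; i++)
            if (strlen(sb_names[i].name) == len && !strncmp(p, sb_names[i].name, len))
                break;
        if (len && i == n) return -1;
        if (len) mask |= sb_names[i].bit;
        p += len + strspn(p + len, " \t");
    }
    return mask;
}

/* Flag bits that change capability handling across setuid()-style calls,
 * and base bits set without their -locked partner. */
int review_securebits(int mask) {
    int base = mask & 0x15, locks = (mask >> 1) & 0x15, findings = 0;
    if (mask & (SB_NO_SETUID_FIXUP | SB_KEEP_CAPS)) findings |= FINDING_ALTERS_SETUID;
    if (base & ~locks) findings |= FINDING_UNLOCKED;
    return findings;
}

int main(void) {
    /* Constructed inputs: the two settings discussed in the thread. */
    const char *v[] = { "noroot noroot-locked", "no-setuid-fixup no-setuid-fixup-locked" };
    for (int i = 0; i < 2; i++) {
        int m = parse_securebits(v[i]);
        printf("%-40s mask=0x%x findings=%d\n", v[i], m, review_securebits(m));
    }
    return 0;
}
```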
