Excerpts from Serge Hallyn's message of Thu Mar 29 09:01:42 -0700 2012:
> Quoting Andrea Corbellini ([email protected]):
> > Hello,
> > 
> > As many of you already know, there are some setuid executables in Ubuntu
> > that perform very specific tasks and do not need many special privileges
> > (ping and traceroute are just two examples). My proposal is to remove
> > their setuid flag and set the file capabilities they need through
> > setcap(8). This will indeed reduce the risk of privilege escalation.
> > 
> > I think this is the right time to start discussing this feature
> > because 12.10 is four releases away from the next LTS and the risk of
> > committing serious mistakes is lower.
> > 
> > So, what do you think? Is it something that we could do for the
> > Q-series?
> 
> One of the things which always blocked this in the past has been
> support for non-xattr filesystems, in particular NFS.  Perhaps
> it's something postinst can tweak based on fs support?
> 
> Couldn't hurt to have another session on this at next UDS.
> 

Wouldn't it be simpler to just have apparmor confine these binaries
to their intended setuid-needing capabilities?

-- 
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
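As an added illustration of the two approaches traded off in the thread (not code from the thread, from Ubuntu packaging, or from the iputils package), here is a postinst-style helper that stores file capabilities where the filesystem can hold the xattr and keeps setuid-root otherwise, plus an audit function that lists which setuid binaries still carry no capability set. The binary path and capability set are hypothetical and supplied by the caller; setcap/getcap come from libcap and setcap itself needs root.

```shell
#!/bin/sh
# Added example, not from the thread: prefer file capabilities to
# setuid-root, and keep setuid only when the capability xattr cannot be
# stored (no setcap, no CAP_SETFCAP, or a filesystem such as NFS without
# security.capability support). Binary path and capability set are
# supplied by the caller; setcap itself needs root.

# apply_privilege PATH CAPS
# Prints "capability" when the capability set was stored and the setuid
# bit dropped, "setuid" when setcap was unavailable or failed.
apply_privilege() {
    bin="$1"
    caps="$2"
    if command -v setcap >/dev/null 2>&1 && setcap "$caps" "$bin" 2>/dev/null; then
        # capabilities stored in the xattr: full root is no longer needed
        chmod u-s "$bin"
        echo capability
    else
        # fall back to the traditional setuid-root binary
        chmod u+s "$bin"
        echo setuid
    fi
}

# audit_setuid DIR
# Lists setuid binaries below DIR, tab-separated from the file capabilities
# they carry (empty when none), so the ones still relying on full root are
# easy to spot.
audit_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | while read -r f; do
        caps=""
        if command -v getcap >/dev/null 2>&1; then
            # last field is the capability set in both old and new getcap formats
            caps=$(getcap "$f" 2>/dev/null | awk '{print $NF}')
        fi
        printf '%s\t%s\n' "$f" "$caps"
    done
}
```

Run as an unprivileged user, setcap fails and the helper reports "setuid"; as root on an xattr-capable filesystem it reports "capability" and the setuid bit is cleared.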
