On Wed, Apr 30, 2014 at 3:56 PM, Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> wrote:
> If that's what you think, okay. I do agree with you that suids & all are the
> worst thing. After all, it's like winning the lottery for hackers and that's
> probably where they focus most. But still fear something ending up executed
> via unwanted/unpredicted ways, especially when systems are getting more
> integrated, clever and smarter day after day.

If the goal is to close the giant attack surface that setuid things
provide, then there's almost an easy solution: use
PR_SET_NO_NEW_PRIVS. It's integrated with systemd, but my effort to
get it into PAM [1] didn't seem to go anywhere.

I think that, for the most part, most daemons should have no_new_privs
set. PAM integration would make it work for services like gitolite
and for ordinary shell users who are willing to tolerate minor
regressions like being unable to change passwords. :)

[1] http://www.redhat.com/archives/pam-list/2013-October/msg00012.html

--Andy
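The PR_SET_NO_NEW_PRIVS approach mentioned in the message above, as an added example that is not part of the original post: a small Linux launcher that sets the flag and then executes a command, plus a self-check that the flag is inherited by children and cannot be cleared. The helper names (`lock_privs`, `privs_locked`, `unlock_is_refused`, `check_in_child`) are hypothetical; only `prctl(2)` and its two options are real, and a kernel of 3.5 or later is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper names below are hypothetical; only prctl(2) and its options are real. */

/* Set no_new_privs on the caller: from now on execve() ignores setuid/setgid
 * bits and file capabilities. Returns 0 on success, -1 on error. */
int lock_privs(void) { return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); }

/* 1 if the flag is set, 0 if not, -1 on error (kernel older than 3.5). */
int privs_locked(void) { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0); }

/* The flag is one-way: an attempt to clear it must fail with EINVAL. */
int unlock_is_refused(void) {
    errno = 0;
    return prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL;
}

/* Self-check run in a throwaway child so the caller is left untouched.
 * Result bits: 1 = flag set, 2 = inherited across fork, 4 = cannot be cleared. */
int check_in_child(void) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int r = 0;
        if (lock_privs() == 0 && privs_locked() == 1) r |= 1;
        if (unlock_is_refused()) r |= 4;
        pid_t g = fork();
        if (g == 0) _exit(privs_locked() == 1 ? 0 : 1);
        if (g > 0 && waitpid(g, &st, 0) == g && WIFEXITED(st) && WEXITSTATUS(st) == 0) r |= 2;
        _exit(r);
    }
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

/* Usage: ./nnp COMMAND [ARGS...] runs COMMAND with no_new_privs set. */
int main(int argc, char **argv) {
    if (argc < 2) { printf("self-check: %d (expect 7)\n", check_in_child()); return 0; }
    if (lock_privs() != 0) { perror("prctl(PR_SET_NO_NEW_PRIVS)"); return 1; }
    execvp(argv[1], argv + 1);
    perror("execvp");
    return 127;
}
```

A command started through this launcher that later executes a setuid helper runs that helper with the caller's own credentials, which is the password-change regression the message refers to.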