[ubuntu-hardened] Removing SUID on binaries that don't need it

John Richard Moser nigelenki at comcast.net
Thu Nov 29 23:24:55 GMT 2007

Phillip Susi wrote:
> Scott James Remnant wrote:
>> The other process owned by the user that ptraced you, and made you skip
>> the syscalls that dropped your caps.
> You can't ptrace suid programs.

  - You can if you're root

  - Nobody cares, you're root already

  - If you're using SELinux, it shouldn't let you ptrace across contexts

  - If you can, somebody needs to fix your policy

  - You have no caps to drop if you're not root (via SUID or other)

I think that covers about everything.  There's a lot of "well this 
situation lets you get away with it" that ends something like "... but 
you own the box already anyway."


Bring back the Firefox plushy!
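
An added illustration of the defence implied by the exchange above (it is my example, not code from any poster or from Ubuntu): if a tracer could make a privileged process skip the syscalls that drop privileges, the process should notice, so every drop is followed by an explicit verification that the new ids took effect and that root cannot be regained. The function names `drop_privileges` and `is_dumpable` are my own; `is_dumpable` just reads the kernel's dumpable flag, which is what gates a non-root `PTRACE_ATTACH` to a process that has changed identity.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Wrapper around PR_GET_DUMPABLE: 1 means an unprivileged tracer with the
 * same uid may attach, 0 means it may not (the usual state after a setuid
 * exec or an identity change with the default suid_dumpable sysctl),
 * -1 means the prctl itself failed. */
int is_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Permanently switch to uid/gid and verify every step.
 * Returns 0 on success, -1 with errno set if a step failed OR if the
 * post-condition check shows the drop did not actually happen. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;

    /* Supplementary groups can only be cleared with CAP_SETGID. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* Group first: once the uid is gone we can no longer change the gid. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;

    /* Verification: never trust that the calls above were executed.
     * All three ids (real, effective, saved) must now match the target. */
    if (getresuid(&ruid, &euid, &suid) != 0 ||
        getresgid(&rgid, &egid, &sgid) != 0)
        return -1;
    if (ruid != uid || euid != uid || suid != uid ||
        rgid != gid || egid != gid || sgid != gid) {
        errno = EPERM;
        return -1;
    }

    /* If the drop was permanent, getting root back must fail. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Run as root with "<uid> <gid>" to see a real drop; as a normal
     * user it drops to its own ids, which exercises the same checks. */
    uid_t uid = (argc == 3) ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    gid_t gid = (argc == 3) ? (gid_t)strtoul(argv[2], NULL, 10) : getgid();

    printf("dumpable before: %d\n", is_dumpable());
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now uid=%u gid=%u, dumpable after: %d\n",
           (unsigned)geteuid(), (unsigned)getegid(), is_dumpable());
    return 0;
}
```

Compile with `gcc -Wall -o dropcheck dropcheck.c`. The point of the trailing `setuid(0)` probe is that a tracer which suppressed `setresuid` would leave the saved uid at 0, and the probe would succeed and make the function return failure instead of carrying on as if privileges were gone.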

More information about the ubuntu-devel mailing list