[ubuntu-hardened] Removing SUID on binaries that don't need it
John Richard Moser
nigelenki at comcast.net
Fri Nov 30 03:24:18 GMT 2007
Jeff Schroeder wrote:
> On Nov 29, 2007 3:24 PM, John Richard Moser <nigelenki at comcast.net> wrote:
> The point of this discussion was whether or not we should investigate
> removing suid bits from binaries that don't need them, not how to write
> better software.
Yes, we're off-track. That happens too much.
> Stripping suid might prevent that 1 case where buggy code or some new
> class of exploit comes out (hello dangling pointers!) allows an attacker to
> gain root.
Yes, I think the original argument had that somewhere but it's been
stripped out and rehashed so much.
Bring back the Firefox plushy!