[ubuntu-hardened] Removing SUID on binaries that don't need it

John Richard Moser nigelenki at comcast.net
Fri Nov 30 03:24:18 GMT 2007

Jeff Schroeder wrote:
> On Nov 29, 2007 3:24 PM, John Richard Moser <nigelenki at comcast.net> wrote:
> The point of this discussion was whether or not we should investigate
> removing suid bits from binaries that don't need them, not how to write
> better software.

Yes, we're off-track.  That happens too much.

> Stripping suid might prevent that 1 case where buggy code or some new
> class of exploit comes out (hello dangling pointers!) allows an attacker to
> gain root.

Yes, I think the original argument had that somewhere but it's been 
stripped out and rehashed so much.

Bring back the Firefox plushy!

More information about the ubuntu-devel mailing list