[ubuntu-hardened] Removing SUID on binaries that don't need it
John Richard Moser
nigelenki at comcast.net
Thu Nov 29 23:24:55 GMT 2007
Phillip Susi wrote:
> Scott James Remnant wrote:
>> The other process owned by the user that ptraced you, and made you skip
>> the syscalls that dropped your caps.
> You can't ptrace suid programs.

- You can if you're root
- Nobody cares, you're root already
- If you're using SELinux, it shouldn't let you ptrace across contexts
- If you can, somebody needs to fix your policy
- You have no caps to drop if you're not root (via SUID or other)

I think that covers about everything. There's a lot of "well this
situation lets you get away with it" that ends something like "... but
you own the box already anyway."

Bring back the Firefox plushy!