[ubuntu-hardened] Removing SUID on binaries that don't need it
John Richard Moser
nigelenki at comcast.net
Fri Nov 30 03:24:18 GMT 2007
Jeff Schroeder wrote:
> On Nov 29, 2007 3:24 PM, John Richard Moser <nigelenki at comcast.net> wrote:
>
> The point of this discussion was whether or not we should investigate
> removing suid bits from binaries that don't need them, not how to write
> better software.
Yes, we're off-track. That happens too much.
>
> Stripping suid might prevent that 1 case where buggy code or some new
> class of exploit comes out (hello dangling pointers!) allows an attacker to
> gain root.
>
Yes, I think the original argument had that somewhere but it's been
stripped out and rehashed so much.
--
Bring back the Firefox plushy!
http://digg.com/linux_unix/Is_the_Firefox_plush_gone_for_good
https://bugzilla.mozilla.org/show_bug.cgi?id=322367