[ubuntu-hardened] Removing suid root from binaries where it isn't needed

[Jeff Schroeder]

On 10/30/07, Chad Sellers <chad at thesellers.net> wrote:
> The good news here is that SELinux has already ran into a lot of
> these cases over the last few years, and a lot of the changes have
> made it into upstream packages. So at least the set of programs that
> behave as such has gotten smaller.
The only things that SELinux has gotten upstream sans SELinux specific
patches are patches to support EA (Extended Attributes) in many
utilities that would remove them before like tar or whatnot.

> I'm only a bit familiar with Serge's patch. I'm pretty sure it
> requires a filesystem that supports extended attributes. You may run
> into problems (particularly on the LiveCD) because of this.
Very good point this functionality does require a filesystem that
support EA like ext3. What does the livecd use? Cramfs? Squashfs?
There is some sort of infrastructure to deal with differences in how
the livecd is built. I think it is called casper, but can't rememeber
right now. This is an important issue to address.

The other important one is implementation. How would we implement this
on installed systems? The best way I can think of is via a postinstall
hook or apt trigger that runs the command to give it the proper
capabilities and strip suid root. I've done tons of rpm
packagebuilding and still very little debian packaging. Maybe someone
with more knowledge in this area should look at our options.

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com