[ubuntu-hardened] Removing suid root from binaries where it isn't needed

[gaten]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff Schroeder wrote:

>> I'm only a bit familiar with Serge's patch. I'm pretty sure it
>> requires a filesystem that supports extended attributes. You may run
>> into problems (particularly on the LiveCD) because of this.
> Very good point this functionality does require a filesystem that
> support EA like ext3. What does the livecd use? Cramfs? Squashfs?
> There is some sort of infrastructure to deal with differences in how
> the livecd is built. I think it is called casper, but can't rememeber
> right now. This is an important issue to address.
OK, time to put your tin=foil hats on for a moment, bare with me. Any
journaling filesystem is bad if you're interested in making deleted
files as hard to recover as possible. Yes, I understand ext3 is a good
fs and is pretty much the standard nowadays,  but would we really be on
a SELinux mailing list if we weren't just a little bit crazy and
paranoid? I don't know enough about the other fs's you mentioned to know
if they are journaled, but perhaps its something to consider.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHJ9/XA+UZbCImQKQRAl/MAJwIeEE9qj2oBTVoz623TYaKjrbNgwCgmcPb
WTjQSJUjl6up688qohskxyg=
=A4Ns
-----END PGP SIGNATURE-----