[ubuntu-hardened] Removing suid root from binaries where it isn't needed
csellers at tresys.com
Wed Oct 31 02:46:12 GMT 2007
On 10/30/07 9:52 PM, "gaten" <education.kills at gmail.com> wrote:
> Jeff Schroeder wrote:
>>> I'm only a bit familiar with Serge's patch. I'm pretty sure it
>>> requires a filesystem that supports extended attributes. You may run
>>> into problems (particularly on the LiveCD) because of this.
>> Very good point, this functionality does require a filesystem that
>> supports EAs like ext3. What does the livecd use? Cramfs? Squashfs?
>> There is some sort of infrastructure to deal with differences in how
>> the livecd is built. I think it is called casper, but can't remember
>> right now. This is an important issue to address.
> OK, time to put your tin-foil hats on for a moment, bear with me. Any
> journaling filesystem is bad if you're interested in making deleted
> files as hard to recover as possible. Yes, I understand ext3 is a good
> fs and is pretty much the standard nowadays, but would we really be on
> a SELinux mailing list if we weren't just a little bit crazy and
> paranoid? I don't know enough about the other fs's you mentioned to know
> if they are journaled, but perhaps it's something to consider.
xattrs are present in ext2 (and many other filesystems) as well if you're
paranoid about something like this. That said, this seems pretty limited in
usefulness. For me, SELinux and other complementary standard Linux security
mechanisms are enough to prevent unauthorized access to my filesystem. If
it's not for you (because of kernel exploit, physical access, or other
reasons), then you should probably not put said data on the filesystem in
the first place.
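As an added example that is not part of this thread's messages or of any project's code: a small Python audit helper for the two practical questions raised above, which setuid binaries are present under a tree and whether the filesystem hosting them accepts extended attributes (the prerequisite mentioned for replacing setuid bits with file capabilities). It uses only the standard library, assumes Linux (os.setxattr), and the two-file sample tree it builds in demo() is constructed here rather than taken from any real system.

```python
# Added example (not from the thread): audit helper for setuid binaries and
# xattr support. Assumes Linux; the sample tree in demo() is constructed.
import os
import stat
import tempfile


def supports_user_xattr(directory):
    """Return True if a scratch file created in `directory` accepts a user.* xattr.

    A False result means file-capability xattrs cannot be stored on this
    filesystem either, so setuid bits cannot be swapped for capabilities there.
    """
    setxattr = getattr(os, "setxattr", None)   # only present on Linux builds
    if setxattr is None:
        return False
    fd, path = tempfile.mkstemp(dir=directory)
    os.close(fd)
    try:
        setxattr(path, "user.xattr_probe", b"1")   # constructed probe attribute
        return True
    except OSError:                                # e.g. ENOTSUP without xattr support
        return False
    finally:
        os.unlink(path)


def find_setuid_files(root, owner_uid=0):
    """Walk `root` and return sorted paths of regular files with the setuid bit set.

    owner_uid=0 restricts the listing to setuid-root files (the ones that
    matter most); owner_uid=None lists setuid files of any owner.
    Symlinks are not followed, so a link into another tree is never counted.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:                        # vanished or unreadable entry
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID:
                continue
            if owner_uid is None or st.st_uid == owner_uid:
                hits.append(path)
    return sorted(hits)


def demo():
    """Build a constructed two-file tree in a temp dir and run both checks on it."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        suid = os.path.join(bindir, "needs_root")      # constructed name
        plain = os.path.join(bindir, "no_privs")       # constructed name
        for p in (suid, plain):
            with open(p, "w") as f:
                f.write("#!/bin/sh\nexit 0\n")
        os.chmod(suid, 0o4755)    # setuid bit on; owned by whoever runs this
        os.chmod(plain, 0o755)    # ordinary executable, must not be listed

        def rel(paths):
            return [os.path.relpath(p, root) for p in paths]

        return {
            "setuid_any_owner": rel(find_setuid_files(root, owner_uid=None)),
            "setuid_root_only": rel(find_setuid_files(root, owner_uid=0)),
            "xattr_supported": supports_user_xattr(root),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as `python3 audit_setuid.py` (file name assumed) to see the constructed tree's results; point find_setuid_files() and supports_user_xattr() at a real mount such as a livecd root to get the listing and the xattr answer for that filesystem. The setuid-root-only list is empty when the script runs as a non-root user, because the constructed file is then owned by that user rather than by uid 0.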