Lennart Poettering on Nostr: This whole mess just makes me think we should try harder to kick suid/fcaps out of ...
This whole mess just makes me think we should try harder to kick suid/fcaps out of general purpose Linux distributions. The whole concept is fundamentally backwards, and one of the major weaknesses of traditional UNIX I am sure. The idea behind suid/fcaps of first granting the privileges, inheriting some major, uncontrolled part of the execution environment/resource context/security context and then expecting the binary to securely gate its misuse is just a major mistake:
https://www.openwall.com/lists/oss-security/2023/10/03/2
Published at
2023-10-04 09:22:22
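An added example, not part of the original post: a read-only inventory of the files the post is talking about, namely regular files that gain privilege at exec time through the setuid/setgid bits or a `security.capability` xattr (fcaps). The function names, the short capability name table and the `/usr` scan root are assumptions made for this illustration.

```python
import os
import stat
import struct

# A few capability bit numbers from linux/capability.h; others print as cap_<n>.
CAP_NAMES = {1: "dac_override", 7: "setuid", 10: "net_bind_service",
             12: "net_admin", 13: "net_raw", 21: "sys_admin"}
REVISION_MASK = 0xFF000000      # VFS_CAP_REVISION_MASK
REV1 = 0x01000000               # VFS_CAP_REVISION_1: a single 32-bit word pair


def decode_fcaps(raw):
    """Return permitted capability names, in bit order, from the xattr bytes."""
    (magic,) = struct.unpack_from("<I", raw, 0)
    words = 1 if magic & REVISION_MASK == REV1 else 2
    permitted = 0
    for i in range(words):
        # Each pair is (permitted, inheritable); only permitted is reported.
        (low,) = struct.unpack_from("<I", raw, 4 + 8 * i)
        permitted |= low << (32 * i)
    bits = [b for b in range(64) if permitted >> b & 1]
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in bits]


def audit(root):
    """Yield (path, reason) for regular files that gain privilege at exec time."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID:
                yield path, "setuid uid=%d" % st.st_uid
            if st.st_mode & stat.S_ISGID and st.st_mode & stat.S_IXGRP:
                yield path, "setgid gid=%d" % st.st_gid
            try:
                raw = os.getxattr(path, "security.capability", follow_symlinks=False)
                yield path, "fcaps " + ",".join(decode_fcaps(raw))
            except (OSError, AttributeError, struct.error):
                continue   # no file capabilities, xattrs unsupported, or malformed


if __name__ == "__main__":
    for path, reason in audit("/usr"):   # assumed scan root
        print(path, reason)
```

Diffing this inventory between image builds shows when a package update adds a new privileged entry point.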