l...@gnu.org (Ludovic Courtès) writes:
> I think we must just be clear that GuixSD will be the only one to
> benefit from a solution along the lines you wrote, at least for the
> foreseeable future.
Well, I am slightly more optimistic than that. It may be that this
solution is such a success that
Hi!
sba...@catern.com writes:
> l...@gnu.org (Ludovic Courtès) writes:
>> Well, the kernel Linux will forever support setuid binaries
>
> That can be selectively turned off per-mount, simply specify the nosuid
> option. And so eventually we can get to a point where setuid is a Linux
> build conf
Christopher Allan Webber writes:
> So, you're running psudo, and this thing maybe accepts connections over
> something more secure, *maybe* unix domain sockets... so restrict group
> access to the socket to users in the "psudo" group.
>
> From there, maybe it could require PAM authentication while
Ludovic Courtès writes:
> SSH is a complex protocol and its implementations are complex too. I
> would find it unreasonable to replace ‘su’ and ‘sudo’ with something
> this complex, that goes through the TCP/IP stack, etc.
I agree. We could maybe have a pseudo-sudo service that is built just
fo
l...@gnu.org (Ludovic Courtès) writes:
> Well, the kernel Linux will forever support setuid binaries
That can be selectively turned off per-mount, simply specify the nosuid
option. And so eventually we can get to a point where setuid is a Linux
build configuration option, which distros can turn of
Hello!
sba...@catern.com writes:
> == Why remove setuid binaries? ==
>
> setuid binaries are problematic for two reasons:
>
> 1. Each binary is an attack surface which is frequently exploited by
>    attackers for local privilege escalation. So getting rid of them
>    would improve security.
>
Chris Marusich writes:
> Hi,
>
> I don't think I have all the answers, but this is an interesting topic,
> so I'll chime in with what I can. I'm sure others will have more
> thoughts to share, too.
>
> sba...@catern.com writes:
>
>> 1. Each binary is an attack surface which is frequently exploite
Hi,
I don't think I have all the answers, but this is an interesting topic,
so I'll chime in with what I can. I'm sure others will have more
thoughts to share, too.
sba...@catern.com writes:
> 1. Each binary is an attack surface which is frequently exploited by
>    attackers for local privileg
Hi guix-devel,
Has any effort been put into eliminating the need for setuid binaries
from GuixSD? I would be interested in working on that.
== Why remove setuid binaries? ==
setuid binaries are problematic for two reasons:
1. Each binary is an attack surface which is frequently exploited by