| |||||||||||||
suid-binary vulnerabilitiessuid-binary vulnerabilitiesPosted Oct 29, 2010 11:49 UTC (Fri) by kees (subscriber, #27264)In reply to: suid-binary vulnerabilities by marcH Parent article: Two glibc vulnerabilities
Why? If this is about whole-system security, there will still be binaries with CAP_SETUID (su, sudo, newrole, seunshare, etc). It absolutely reduces the attack surface in general, but linker vulnerabilities will remain a serious problem. Removing the setuid bit is a great idea for reducing the impact of bugs in the setuid program itself, though.
(Log in to post comments)
suid-binary vulnerabilities Posted Oct 29, 2010 11:52 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link]
"Removing the setuid bit is a great idea for reducing the impact of bugs in the setuid program itself, though"
Precisely, the goal.
suid-binary vulnerabilities Posted Oct 29, 2010 13:41 UTC (Fri) by marcH (subscriber, #57642) [Link]
> Why? If this is about whole-system security, there will still be binaries with CAP_SETUID (su, sudo, newrole, seunshare, etc).
"Let's not bother making the windows more secure, because the front door sucks anyway".
Actually, let's bother. Because it's progress:
> It absolutely reduces the attack surface in general,...
Agreed!
suid-binary vulnerabilities Posted Oct 29, 2010 15:14 UTC (Fri) by kees (subscriber, #27264) [Link]
Right, I don't meant to say it shouldn't be done. Getting rid of the setuid bit is a great goal. I was just trying to point out that it does not solve problems like those recently found in glibc. It _does_, of course, kill a whole separate set of problems, and I love that. :) I just don't want people to think dropping setuid bits is a magic bullet for solving all local privilege escalations.
|
|||||||||||||