
suid less os's.

Posted Dec 24, 2010 5:59 UTC (Fri) by ebiederm (subscriber, #35028)
In reply to: OpenWall 3.0 by smoogen
Parent article: Linux capabilities support for user namespaces

Sigh, Plan 9 did this years ago; without suid, without sgid, and without capabilities.

Linux has all of the capabilities Plan 9 did, so going suidless without caveats is possible if someone would care.

Frankly, being able to raise the privileges of an existing process is such a dangerous mechanism and so limiting on system design that I wish someone would care, and remove all suid, sgid, and capabilities use from a distro. It is hard to count how many neat new features have been shelved because of the requirement to support suid root executables.



suid less os's.

Posted Jan 5, 2011 12:13 UTC (Wed) by mjthayer (guest, #39183)

> Sigh, Plan 9 did this years ago; without suid, without sgid, and without capabilities.

I'm no expert on Plan 9, but from a bit of quick googling it looks to me like it had local server processes to do privileged things for other processes that didn't have the rights to do them themselves. Which sounds rather like DBus/PolicyKit to me.

