Bug 1213490 - security enhancement: no setuid
Summary: security enhancement: no setuid
Status: NEW
Alias: None
Product: Granite
Classification: SUSE ALP - SUSE Adaptable Linux Platform
Component: Bootable Images
Version: unspecified
Hardware: Other Other
Importance: P5 - None : Major
Target Milestone: ---
Assignee: Frederic Crozat
QA Contact: Jiri Srain
URL:
Whiteboard:
Keywords:
Depends on: 1171174
Blocks:
Reported: 2023-07-19 14:42 UTC by Guilherme Moro
Modified: 2023-07-19 14:42 UTC
CC List: 5 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Guilherme Moro 2023-07-19 14:42:23 UTC
The way ALP is setting this in the config.sh is still broken, need to investigate consequences and if this is still the case.

+++ This bug was initially created as a clone of Bug #1171174 +++

setuid binaries are a potential attack vector for privilege escalation. MicroOS with its limited scope has a chance to close that hole by default and not ship any binaries with elevated privileges by default. I.e., set the default level to "paranoid". This will prevent unprivileged (system) users from potentially exploiting:

- shadow suite tools like passwd, chsh etc
- pam helpers unix{,2}_chkpwd
- wall, write
- clockdiff, ping
- dbus-daemon-launch-helper
- su
- sudo
- mount
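
One way to check whether an image actually meets the "no setuid" goal described above is to walk its unpacked root and fail the build if any setuid or setgid file remains. This is an added example, not part of the bug report or of the ALP/MicroOS build scripts; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked image root for setuid/setgid files.
# Function names are hypothetical; nothing here comes from the ALP config.sh.

# Print every regular file under $1 that carries the setuid or setgid bit.
# -xdev keeps the walk on one filesystem, so mounted /proc, /sys etc. are skipped.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Return 0 when the tree is clean, 1 when any setuid/setgid file is left.
# Offending files are reported on stderr with their mode and owner.
audit_no_setid() {
    found=$(list_setid_files "$1")
    if [ -n "$found" ]; then
        printf 'setuid/setgid files under %s:\n' "$1" >&2
        printf '%s\n' "$found" | while IFS= read -r f; do
            ls -ld "$f" >&2
        done
        return 1
    fi
    return 0
}

# Constructed sample tree: one setuid file and one ordinary file.
# Prints the path of the temporary root so a caller can audit it.
make_sample_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin"
    : > "$root/usr/bin/passwd"; chmod 4755 "$root/usr/bin/passwd"
    : > "$root/usr/bin/ls";     chmod 0755 "$root/usr/bin/ls"
    printf '%s\n' "$root"
}

# Stand-alone use: pass the image root as the first argument.
if [ "$#" -gt 0 ]; then
    audit_no_setid "$1"
    exit $?
fi
```

Run against the mounted or unpacked image root at the end of the image build; a non-zero exit status means at least one binary still carries elevated privileges.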