This whole mess just makes me think we should try harder to kick suid/fcaps out of general purpose Linux distributions. The whole concept is fundamentally backwards, and one of the major weaknesses of traditional UNIX, I am sure. The idea behind suid/fcaps of first granting the privileges, inheriting some major, uncontrolled part of the execution environment/resource context/security context, and then expecting the binary to securely gate its misuse is just a major mistake: https://www.openwall.com/lists/oss-security/2023/10/03/2
I'd welcome a distribution that'd try hard to address this, and basically run the whole OS with NNP set. Of course, this is not an easy task; people expect their su/sudo to just work, but I am sure these are all addressable by switching to IPC based privilege elevation for such things.
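For readers who have not worked with the NNP bit the post refers to, the following is an added example (my own, not code from the thread, systemd, or any distribution) showing the prctl(PR_SET_NO_NEW_PRIVS) semantics that make "run the whole OS with NNP set" meaningful: the bit is sticky, cannot be cleared, and is inherited across fork() and execve(), which is what neutralises setuid bits and file capabilities on anything executed afterwards. It assumes Linux (kernel 3.5 or later) with /proc mounted and a POSIX /bin/sh; the function names are mine.

```c
/* Added example, not from the thread: exercise PR_SET_NO_NEW_PRIVS.
 * Assumes Linux >= 3.5, a mounted /proc, and a POSIX /bin/sh. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38   /* older headers: values from linux/prctl.h */
#endif
#ifndef PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* Set the no_new_privs bit on the calling thread. 0 on success, -1 + errno. */
int nnp_set(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Query the bit: 1 if set, 0 if clear, -1 on error. */
int nnp_query(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Try to clear the bit. The kernel only accepts arg2 == 1 for this
 * prctl, so the call fails with EINVAL: once set, there is no way back.
 * Returns the errno value, or 0 if the kernel (unexpectedly) accepted it. */
int nnp_clear_attempt(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0)
        return 0;
    return errno;
}

/* Constructed child script: read /proc/self/status and exit with
 * 0 if NoNewPrivs is 1, 1 if it is 0, 2 if the line is missing. */
static const char *child_script =
    "while read -r k v; do"
    "  [ \"$k\" = NoNewPrivs: ] && exit $((1 - v));"
    "done < /proc/self/status; exit 2";

/* fork() + execve() of /bin/sh, then ask the child what it sees.
 * Returns 1 if the bit survived the exec, 0 if not, -1 on failure.
 * This inheritance is what makes a setuid/fcaps binary run with the
 * caller's own privileges when started under NNP. */
int nnp_inherited_across_exec(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", child_script, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 1:  return 0;
    default: return -1;
    }
}

int main(void)
{
    printf("NNP before set: %d\n", nnp_query());
    if (nnp_set() != 0) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        return 1;
    }
    printf("NNP after set:  %d\n", nnp_query());
    int err = nnp_clear_attempt();
    printf("clear attempt:  errno %d (%s)\n", err, strerror(err));
    printf("child after execve sees NNP: %d\n", nnp_inherited_across_exec());
    return 0;
}
```

Once the bit is set in a process, everything below it in the tree inherits it, so setting it in PID 1 would indeed apply it to the whole OS; that is also why privilege elevation then has to move to an IPC path (a broker that already holds the privilege and acts on the caller's behalf) rather than to an exec of a privileged binary.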
@2ffa8eb4 Make systemd set prctl PR_SET_NO_NEW_PRIVS in pid 1. 😈
@2ffa8eb4 did you know that the Vulkan and EGL APIs provide means to have higher priority contexts, and some graphics DRM drivers use CAP_SYS_NICE to guard that? This feature is commonly used by desktop compositors, and although there have been multiple attempts, we have yet to find a cleaner solution.