Oddbean new post about | logout
1d95c32d | 1 years ago (raw) | export | reply | flag +1 
 This whole mess just makes me think we should try harder to kick suid/fcaps out of general purpose Linux distributions. The whole concept is fundamentally backwards, and one of the major weaknesses of traditional UNIX I am sure. The idea behind suid/fcaps of first granting the privileges, inheriting some major, uncontrolled part of the execution environment/resource context/security context and then expecting the binary to securely gate its misuse is just a major mistake: https://www.openwall.com/lists/oss-security/2023/10/03/2
1d95c32d | 1 years ago (raw) | root | parent | reply | flag 
 I'd welcome a distribution that'd try hard to address this, and basically run the whole OS with NNP set. Of course, this is not an easy task, people expect their su/sudo to just work, but I am sure these are all addressable, by switching to IPC based privilege elevation for such things.
d0d29fd9 | 1 years ago (raw) | root | parent | reply | flag 
 @2ffa8eb4 Make systemd set prctl PR_SET_NO_NEW_PRIVS in pid 1. 😈
Emil Velikov | 1 years ago (raw) | root | parent | reply | flag 
 @2ffa8eb4 did you know that the Vulkan and EGL API provide means to have higher priority contexts and some graphics DRM drivers use CAP_SYS_NICE to guard that. This feature is commonly used by desktop compositors and although there were multiple attempts, we are yet to find a cleaner solution