Feature changed by: Ludwig Nussel (lnussel)
Feature #313210, revision 2
Title: get rid of all setuid binaries

openSUSE Distribution: Unconfirmed
  Priority
  Requester: Important
  Requested by: Ludwig Nussel (lnussel)
+ Requested by: Security Team (secteam)
  Partner organization: openSUSE.org

Description:
setuid binaries directly or indirectly cause a never ending stream of security issues due to bugs in various components:
- the implementation of the binaries themselves (CVE-2011-2490, CVE-2011-1946, CVE-2011-1485, CVE-2011-2145, CVE-2011-1675, CVE-2010-4170, CVE-2009-2948)
- libraries linked into setuid binaries (CVE-2010-3853, CVE-2010-3316, CVE-2009-0360)
- glibc resp. the linker (CVE-2011-1658, CVE-2010-3847, CVE-2011-0536, CVE-2010-3192, CVE-2011-1089)
- kernel (CVE-2012-0056, CVE-2011-1020, CVE-2010-2240, CVE-2010-0296, CVE-2011-1020, CVE-2009-2848)

Therefore we should strive to get rid of all setuid binaries and replace them with client/server implementations.

--
openSUSE Feature:
https://features.opensuse.org/313210