https://bugzilla.suse.com/show_bug.cgi?id=1213490 Bug ID: 1213490 Summary: security enhancement: no setuid Classification: SUSE ALP - SUSE Adaptable Linux Platform Product: ALP Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Bootable Images Assignee: fcrozat@suse.com Reporter: gmoro@suse.com QA Contact: jsrain@suse.com CC: georg.pfuetzenreuter@suse.com, gmoro@suse.com, kubic-bugs@opensuse.org, lnussel@suse.com, qa-bugs@suse.de Depends on: 1171174 Target Milestone: --- Found By: --- Blocker: --- The way ALP is setting this in the config.sh is still broken, need to investigate consequences and if this is still the case. +++ This bug was initially created as a clone of Bug #1171174 +++ setuid binaries are a potential attack vector for privilege escalation. MicroOS with it's limited scope has chance to close that hole by default and not ship any binaries with elevated privileges by default. Ie set the default level to "paranoid". This will prevent unprivileged (system) users from potentially exploiting - shadow suite tools like passwd, chsh etc - pam helpers unix{,2}_chkpwd - wall, write - clockdiff, ping - dbus-daemon-launch-helper - su - sudo - mount -- You are receiving this mail because: You are on the CC list for the bug.