On Wed, Mar 02, 2022 at 07:11:42PM -0500, Steve Grubb wrote:
> On Tuesday, March 1, 2022 6:43:57 PM EST Michel Alexandre Salim wrote:
> > The subject of setuid came up in a private conversation recently, and to my
> > surprise we don't seem to have it documented in the packaging guidelines:
> > https://docs.fedoraproject.org/en-US/packaging-guidelines/
> > Per https://fedoraproject.org/wiki/Features/RemoveSETUID#Documentation
> > "We should change documentation on packaging guidelines to talk about
> > using file capabilities."
> > but the only mention of capabilities seem to be that, if you use it or
> > suid, PIE must be enabled:
> > https://docs.fedoraproject.org/en-US/packaging-guidelines/#_pie
> > Should this be documented somewhere, or if it's there but it's lost in
> > the wiki->docs migration, does anyone know where the documentation is?
> As someone involved in that change, the situation was much worse back in
> 2011. Almost everything was running as root. The inspection tools back then
> were non-existent, which is what I wrote pscap and netcap.
> Now, a lot of things use capabilities with a few still running as root when
> they don't need to be. But I have not looked at all daemons. The lesser used
> ones may need checking. But I think maybe some guidance could be good.
> Something like:
That's really comprehensive, thanks. Can we document this? I'm a bit
worried about the situation where a packager and a reviewer don't have
the institutional memory of "we recommend capabilities over
setuid/setgid" and new setuid packages creeping in again.
Michel Alexandre Salim