Hi Steve,
On Wed, Mar 02, 2022 at 07:11:42PM -0500, Steve Grubb wrote:
> Hello,
> On Tuesday, March 1, 2022 6:43:57 PM EST Michel Alexandre Salim wrote:
> > The subject of setuid came up in a private conversation recently, and to my surprise we don't seem to have it documented in the packaging guidelines:
> > https://docs.fedoraproject.org/en-US/packaging-guidelines/
> > Per https://fedoraproject.org/wiki/Features/RemoveSETUID#Documentation
> > "We should change documentation on packaging guidelines to talk about using file capabilities."
> > but the only mention of capabilities seems to be that, if you use it or suid, PIE must be enabled:
> > https://docs.fedoraproject.org/en-US/packaging-guidelines/#_pie
> > Should this be documented somewhere, or if it's there but it's lost in the wiki->docs migration, does anyone know where the documentation is?
> As someone involved in that change, the situation was much worse back in 2011. Almost everything was running as root. The inspection tools back then were non-existent, which is why I wrote pscap and netcap.
> Now, a lot of things use capabilities with a few still running as root when they don't need to be. But I have not looked at all daemons. The lesser used ones may need checking. But I think maybe some guidance could be good. Something like:
> <snip>
That's really comprehensive, thanks. Can we document this? I'm a bit worried about the situation where a packager and a reviewer don't have the institutional memory of "we recommend capabilities over setuid/setgid" and new setuid packages creeping in again.
Best regards,
packaging@lists.fedoraproject.org
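The thread is about keeping new setuid/setgid binaries out of packages and preferring file capabilities. The script below is an added example for a packager or reviewer, not code from the thread or from Fedora's guidelines: it walks a tree such as an rpm buildroot, lists every setuid/setgid file, lists files that already carry file capabilities, and returns a pass/fail result that can be wired into a review check. It assumes GNU findutils (for `-printf`) and, optionally, `getcap` from libcap; paths and the `audit` entry point are this example's own names.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit a directory tree for
# setuid/setgid executables and for file capabilities, so a package review can
# flag privileged binaries that should use capabilities instead of setuid.
# Assumes GNU find (-printf) and, optionally, getcap from libcap.

# Print every setuid or setgid regular file under $1 as "OCTAL_MODE PATH".
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %p\n' 2>/dev/null
}

# Number of setuid/setgid files under $1 (0 when the tree is clean).
count_setid() {
    list_setid "$1" | wc -l | tr -d ' '
}

# Print files under $1 that carry file capabilities ("PATH CAPS" lines).
# Silent when getcap is not installed, so the rest of the audit still works.
list_caps() {
    if command -v getcap >/dev/null 2>&1; then
        getcap -r "$1" 2>/dev/null
    fi
}

# Exit status 0 when no setuid/setgid file exists under $1, 1 otherwise.
# This is the check a reviewer would run against a buildroot.
check_no_setid() {
    [ "$(count_setid "$1")" = "0" ]
}

# Human-readable report for one tree.
audit() {
    echo "== setuid/setgid files under $1 =="
    list_setid "$1"
    echo "== files with capabilities under $1 =="
    list_caps "$1"
    if check_no_setid "$1"; then
        echo "RESULT: no setuid/setgid binaries"
    else
        echo "RESULT: $(count_setid "$1") setuid/setgid binary(ies) found; consider %caps() instead"
    fi
}

# Usage: audit.sh /path/to/buildroot   (or source the file and call the functions)
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

When a binary does need a privilege, rpm can apply a file capability at install time from the spec's `%files` section with the `%caps()` attribute (for example `%caps(cap_net_raw=ep)` on a tool that opens raw sockets), which is the alternative the thread is asking the guidelines to recommend over a setuid bit.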