We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Andrew Lutomirski luto at mit.edu
Wed Apr 30 23:01:51 UTC 2014


On Wed, Apr 30, 2014 at 3:56 PM, Marcelo Ricardo Leitner
<marcelo.leitner at gmail.com> wrote:
> If that's what you think, okay. I do agree with you that suids & all are the
> worst thing. After all, it's like winning the lottery for hackers and that's
> probably where they focus most. But I still fear something ending up executed
> via unwanted/unpredicted ways, especially when systems are getting more
> integrated, clever and smarter day after day.

If the goal is to close the giant attack surface that setuid things
provide, then there's almost an easy solution: use
PR_SET_NO_NEW_PRIVS.  It's integrated with systemd, but my effort to
get it into PAM [1] didn't seem to go anywhere.  I think that, for the
most part, most daemons should have no_new_privs set.

PAM integration would make it work for services like gitolite and for
ordinary shell users who are willing to tolerate minor regressions
like being unable to change passwords. :)

[1] http://www.redhat.com/archives/pam-list/2013-October/msg00012.html

--Andy

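As an added illustration of the mechanism Andy is describing (example code, not part of the thread or of systemd/PAM): a process opts into no_new_privs with prctl(2), then checks the flag the two ways a defender can, through PR_GET_NO_NEW_PRIVS and through the NoNewPrivs line in /proc/self/status, and confirms that a forked child inherits it. Assumes Linux; the function names are this example's own.

```c
/* Added example (not from the thread): opt into no_new_privs and verify it the
 * way an auditor would. Linux only; the flag is one-way and inherited by children. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* After this, execve() of a setuid/setgid or file-capability binary runs it
 * with the caller's credentials instead of elevated ones. Returns 0 on success. */
int lock_no_new_privs(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* 1 = flag set, 0 = clear, -1 = error (kernels before 3.5 lack the query). */
int query_no_new_privs(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Same flag as /proc/<pid>/status shows ("NoNewPrivs:\t1"): how you check a
 * running daemon without touching its code. Returns -1 if the line is absent. */
int status_no_new_privs(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int value = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "NoNewPrivs: %d", &value) == 1) break;
    fclose(f);
    return value;
}

/* Inheritance check: 1 if a forked child sees the flag, 0 if not, -1 on error. */
int child_inherits_flag(void)
{
    int st; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(query_no_new_privs() == 1 ? 0 : 1);
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

int main(void)
{
    if (lock_no_new_privs() != 0) { perror("prctl"); return 1; }
    printf("prctl=%d status=%d child=%d\n", query_no_new_privs(), status_no_new_privs(), child_inherits_flag());
    return 0;
}
```

Once the flag is set, a setuid helper such as passwd started from this process runs with the caller's own uid, which is the "minor regression" the mail mentions.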
