We want to stop systemd from being added to docker images, because of rpm requiring systemctl.
luto at mit.edu
Wed Apr 30 23:01:51 UTC 2014
On Wed, Apr 30, 2014 at 3:56 PM, Marcelo Ricardo Leitner
<marcelo.leitner at gmail.com> wrote:
> If that's what you think, okay. I do agree with you that suids & all are the
> worst thing. After all, it's like winning the lottery for hackers and that's
> probably where they focus most. But still fear something ending up executed
> via unwanted/unpredicted ways, especially when systems are getting more
> integrated, clever and smarter day after day.
If the goal is to close the giant attack surface that setuid things
provide, then there's almost an easy solution: use
PR_SET_NO_NEW_PRIVS. It's integrated with systemd, but my effort to
get it into PAM didn't seem to go anywhere. I think that, for the
most part, most daemons should have no_new_privs set.
PAM integration would make it work for services like gitolite and for
ordinary shell users who are willing to tolerate minor regressions
like being unable to change passwords. :)
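As an added example (not code from the thread or from systemd or PAM), the C below sets PR_SET_NO_NEW_PRIVS on the calling process and checks the three properties that make it useful for daemons: the flag reads back as set, the kernel refuses to clear it, and a forked child inherits it, so anything exec'd in that subtree (setuid binaries included) runs without gaining privileges. Function names are mine; it assumes Linux 3.5 or later.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_NO_NEW_PRIVS   /* older headers; values from linux/prctl.h */
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* Set no_new_privs on this process. Returns 0 on success, -1 on error.
 * Calling it when already set is harmless (the flag is sticky). */
int set_no_new_privs(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Returns 1 if the flag is set, 0 if not, -1 on error. */
int get_no_new_privs(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Try to clear the flag. The kernel accepts only arg2 == 1, so this must
 * fail; returns the errno (expected EINVAL), or 0 if it somehow succeeded. */
int try_clear_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0)
        return 0;
    return errno;
}

/* Fork and ask the child whether it inherited the flag: 1 yes, 0 no, -1 error. */
int child_inherits_no_new_privs(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(get_no_new_privs() == 1 ? 1 : 0);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    if (set_no_new_privs() != 0) { perror("PR_SET_NO_NEW_PRIVS"); return 1; }
    /* From here on, an exec of the daemon (or any setuid helper) cannot raise privileges. */
    printf("set=%d clear_errno=%d child=%d\n", get_no_new_privs(),
           try_clear_no_new_privs(), child_inherits_no_new_privs());
    return 0;
}
```

A service manager would call set_no_new_privs() immediately before exec'ing the daemon; the same property is why a shell with the flag set can no longer run passwd, the regression mentioned above.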