Hello, As many of you already know, there are some setuid executables in Ubuntu that perform very specific tasks and do not need many special privileges (ping and traceroute are just two examples). My proposal is to remove their setuid flag and set the file capabilities they need through setcap(8). This will indeed reduce the risk of privilege escalation.
I think this is the right time to start discussing about this feature because 12.10 is four releases away from the next LTS and the risk of committing serious mistakes is lower. So, what do you think? Is it something that we could do for the Q-series? -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
