Another reason to remove setuid programs. Not sure if we're vulnerable to this actual attack. But I found the attack interesting and a reminder of the dangers of setuid.
I have never liked systemd's cavalier approach to permissions. This is yet another example.
With 'sudo' this will not work, because it actively sets the ulimit for
coredumps to 0. The reason for this is to protect against exactly this
attack scenario [3].
With 'su' it works, however.
We are vulnerable outside Docker containers. Since we run almost everything in Docker, I think we are safe, since we don't set passwords in Docker. The exploit allows extraction of a password hash (not just root).
Still important to disable setuid programs.
robnagler changed the title from "20230630 Remove setgid and setuid programs" to "Remove setgid and setuid programs" on Apr 17, 2023
Need to strip setgid and setuid permissions from /usr. sudo and su need to be controlled to be on only during the build.
Docker allows privilege escalation even when `--user` is supplied.
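One way to do the stripping described in this issue, as an added example that is not code from the issue or the project: `list_suid` audits a tree for setuid/setgid files and `strip_suid` clears the bits on everything except an allowlist. The function names and the `/usr/bin/sudo` and `/usr/bin/su` paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit and strip setuid/setgid bits under a directory tree.
# Function names and the allowlist paths shown below are assumptions.

# list_suid ROOT
# Print every regular file under ROOT that has the setuid (4000) or
# setgid (2000) bit set. -xdev keeps find on ROOT's own filesystem.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# strip_suid ROOT [KEEP_PATH...]
# Clear setuid and setgid on every file list_suid reports, except files
# whose full path equals one of the KEEP_PATH arguments.
# Paths containing newlines are not handled.
strip_suid() {
    root=$1
    shift
    list_suid "$root" | while IFS= read -r f; do
        keep=0
        for k in "$@"; do
            if [ "$f" = "$k" ]; then
                keep=1
            fi
        done
        if [ "$keep" -eq 1 ]; then
            echo "kept:     $f"
        else
            # ug-s removes both the setuid and the setgid bit.
            chmod ug-s "$f" && echo "stripped: $f"
        fi
    done
}

# Intended use (assumed paths):
#   during the build, keep sudo and su:
#     strip_suid /usr /usr/bin/sudo /usr/bin/su
#   as the last build step, keep nothing and confirm the audit is empty:
#     strip_suid /usr
#     [ -z "$(list_suid /usr)" ] || echo "setuid/setgid files remain" >&2
```
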