
What about SSH?

Posted Feb 21, 2024 19:52 UTC (Wed) by bluca (subscriber, #118303)
In reply to: What about SSH? by oliwer
Parent article: Sudo and its alternatives

> It would be nice if Linux could be compiled in such a way that setsuid(2) calls would systematically be denied. That would remove a whole range of vulnerabilities.

Set [Service] and NoNewPrivileges=yes in /etc/systemd/system/service.d/noprivs.conf and you have such a system



What about SSH?

Posted Feb 21, 2024 20:28 UTC (Wed) by oliwer (subscriber, #40989)

Oh that's a neat trick! The documentation also mentions "RestrictSUIDSGID=" which may be more specific, as "NoNewPrivileges=" also blocks capabilities.
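Added example, not part of either comment above and not systemd's own code: `NoNewPrivileges=yes` corresponds to the kernel's per-process `no_new_privs` flag, and this C program shows the three properties that make it a system-wide restriction when set on a service manager's children: it can be set without privileges, it cannot be cleared, and it is inherited across `fork()`. The function name `nnp_probe` and the result bitmask are made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper. Runs in a forked child so the caller's own flag is
 * left untouched. Returns a bitmask, or -1 on error:
 *   bit 0 (1): flag reads back as set after PR_SET_NO_NEW_PRIVS
 *   bit 1 (2): a child forked afterwards inherits the flag
 *   bit 2 (4): an attempt to clear the flag is rejected with EINVAL */
int nnp_probe(void)
{
    int st;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int r = 0;
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
            _exit(0x80);
        /* From here on execve() in this process tree no longer honours
         * setuid/setgid bits or file capabilities. */
        if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1)
            r |= 1;
        /* The flag is one-way: the kernel only accepts the value 1. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL)
            r |= 4;
        pid_t g = fork();
        if (g == 0)
            _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : 1);
        if (g > 0 && waitpid(g, &st, 0) == g &&
            WIFEXITED(st) && WEXITSTATUS(st) == 0)
            r |= 2;
        _exit(r);
    }
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st))
        return -1;
    return (WEXITSTATUS(st) & 0x80) ? -1 : WEXITSTATUS(st);
}

int main(void)
{
    int r = nnp_probe();
    printf("set=%d inherited=%d cannot_clear=%d\n", r > 0 && (r & 1),
           r > 0 && (r & 2) != 0, r > 0 && (r & 4) != 0);
    return r == 7 ? 0 : 1;
}
```

On a running system the same flag is visible per process as the `NoNewPrivs:` line in `/proc/<pid>/status`, which is a quick way to confirm that a drop-in took effect.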

