
Bug#828686: ITP: no-new-privs -- Set PR_NO_NEW_PRIVS before executing another program



Hi,
(cc'ing mentors since you already filed an RFS [1])

> It builds a single, eponymous, binary package.
> 
> I think it is a useful, though extremely simple, utility:
> system administrators may use it to start processes as a non-privileged
> user and ensure that they cannot attempt to exploit local setuid binaries.

I don't mean to discourage you, but doesn't setpriv --no-new-privs
already do that? It's available in Stretch and sid, in the package
setpriv, built from src:util-linux.

Regards,
Christian

[1] Also, weirdly, I didn't see your ITP on debian-devel for some
    reason.
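
What a wrapper of this kind does at the syscall level, as an added example that is not part of the original message and is not the source of either no-new-privs or setpriv. The function names are hypothetical, and `probe_no_new_privs` is an extra check showing that the flag cannot be cleared and is inherited across fork.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set no_new_privs on the calling process; 0 on success, -1 on error. */
int set_no_new_privs(void) { return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); }

/* Read the flag back: 1 if set, 0 if not, -1 on error. */
int get_no_new_privs(void) { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0); }

/* In a forked child: set the flag, try to clear it, fork once more.
 * Result bitmask: 1 = flag set, 2 = clearing refused, 4 = inherited. */
int probe_no_new_privs(void)
{
    int st, gs, r = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (set_no_new_privs() == 0 && get_no_new_privs() == 1) r |= 1;
        /* The kernel only accepts arg2 == 1; the flag is one-way. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1) r |= 2;
        pid_t g = fork();
        if (g == 0) _exit(get_no_new_privs() == 1 ? 0 : 1);
        if (g > 0 && waitpid(g, &gs, 0) == g &&
            WIFEXITED(gs) && WEXITSTATUS(gs) == 0) r |= 4;
        _exit(r);
    }
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

/* Wrapper behaviour: set the flag, then exec the given program. After
 * this, execve() of a setuid/setgid or file-capability binary no longer
 * grants the extra privileges. */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    if (set_no_new_privs() != 0) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        return 1;
    }
    execvp(argv[1], argv + 1);
    perror("execvp");
    return 127;
}
```

The result can be checked from outside through the `NoNewPrivs` field in `/proc/<pid>/status` on kernels that expose it.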
