diff mbox series

FHS: Drop /usr/bin/su from list of allowed SUID binaries

Message ID	20230320113849.218288-1-stefan.schantl@ipfire.org
State	New
Headers	From: Stefan Schantl <stefan.schantl@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] FHS: Drop /usr/bin/su from list of allowed SUID binaries Date: Mon, 20 Mar 2023 12:38:49 +0100 Message-Id: <20230320113849.218288-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: pakfire@lists.ipfire.org Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	FHS: Drop /usr/bin/su from list of allowed SUID binaries \| FHS: Drop /usr/bin/su from list of allowed SUID binaries

Commit Message

Stefan Schantl March 20, 2023, 11:38 a.m. UTC

  In the Makefile (util-linx.nm) we specify some capabilities to avoid setting
the suid bit.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 src/libpakfire/fhs.c | 1 -
 1 file changed, 1 deletion(-)

diff mbox series

Patch

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index f0ddc37c..8e85f29d 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -69,7 +69,6 @@  static const struct pakfire_fhs_check {
 	{ "/usr/bin/ksu",         S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/passwd",      S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/pkexec",      S_IFREG, S_ISUID|0755, "root", "root", 0 },
-	{ "/usr/bin/su",          S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/sudo",        S_IFREG, S_ISUID|0755, "root", "root", 0 },
 
 	// Any files in /usr/{,s}bin must be owned by root and have 0755