We should remove all unnecessary binaries that contain setuid root.

Running the following on a running oVirt Node (2.2.2):

find . -type f \( -perm -4000 -o -perm -2000 \) -exec ls {} \; 2>/dev/null

Showed the following files:

./usr/sbin/usernetctl
./usr/bin/write
./usr/bin/gpasswd
./usr/bin/chfn
./usr/bin/chage
./usr/bin/sudoedit
./usr/bin/newgrp
./usr/bin/chsh
./usr/bin/pkexec
./usr/bin/ksu
./usr/bin/sudo
./usr/bin/staprun
./usr/bin/crontab
./usr/bin/passwd
./usr/bin/wall
./usr/libexec/polkit-1/polkit-agent-helper-1
./usr/libexec/openssh/ssh-keysign
./usr/libexec/utempter/utempter
./sbin/unix_chkpwd
./sbin/netreport
./sbin/pam_timestamp_check
./sbin/mount.nfs
./lib64/dbus-1/dbus-daemon-launch-helper
./bin/mount
./bin/umount
./bin/su
./bin/fusermount
./run/initramfs/sbin/mount.nfs
./run/initramfs/bin/mount
./run/initramfs/bin/umount

Advice from security experts is to remove setuid on as many of these as possible, and find out what breaks/doesn't break. But the goal should be to have as few setuid binaries as possible on the system.
I'm sure some of these can't be removed. Just from a quick glance, these can't be: mount, umount, su, passwd, chage, sudo, mount.nfs

It's too late in the 2.4.0 timeframe to tackle this one, so deferring to 2.5.0.
Petr, can you tell from which files given in the description setuid can be dropped?
(In reply to Fabian Deutsch from comment #3)
> can you tell from which files given in the description setuid can be dropped?

I can't say that without testing. I'd start with

(In reply to Perry Myers from comment #0)
> ./usr/bin/gpasswd
> ./usr/bin/chfn
> ./usr/bin/chage
> ./usr/bin/chsh
> ./usr/bin/ksu
> ./usr/bin/staprun
> ./usr/bin/wall

and perform ovirt-node regression tests and then add some more if nothing breaks. I'm afraid there's no easy way out.
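As an added example (not part of the bug thread or oVirt Node's own code), the audit-then-strip procedure discussed above as a script: it reports each setuid/setgid file under a root, marks the names the thread says can't be changed, and clears the bits on the first proposed batch. The function names, and the choice to let the keep list win for chage (which the thread puts on both lists), are assumptions.

```shell
#!/bin/sh
# Added example. KEEP holds the names the thread says can't lose the bit;
# CANDIDATES is the first batch proposed in the thread, relative to the root.
KEEP="mount umount su passwd chage sudo mount.nfs"
CANDIDATES="usr/bin/gpasswd usr/bin/chfn usr/bin/chage usr/bin/chsh usr/bin/ksu usr/bin/staprun usr/bin/wall"

# in_keep PATH: succeed if the file name of PATH is on the keep list
# (matching by name also covers the copies under run/initramfs).
in_keep() {
    for k in $KEEP; do
        [ "${1##*/}" = "$k" ] && return 0
    done
    return 1
}

# audit_suid ROOT: one line per file, "<keep|review> <suid|sgid|suid+sgid> <path>".
# The find expression matches setgid as well as setuid, so the bit is reported.
audit_suid() {
    ( cd "$1" || exit 1
      find . -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | LC_ALL=C sort |
      while IFS= read -r f; do
          kind=
          [ -u "$f" ] && kind=suid
          [ -g "$f" ] && kind=${kind:+$kind+}sgid
          if in_keep "$f"; then verdict=keep; else verdict=review; fi
          printf '%s %s %s\n' "$verdict" "$kind" "${f#./}"
      done )
}

# strip_candidates ROOT: clear the bits on the first batch and log each change,
# so it can be reverted if the regression tests fail.
# Assumption: a candidate that is also on the keep list is skipped, not stripped.
strip_candidates() {
    for c in $CANDIDATES; do
        f=$1/$c
        { [ -u "$f" ] || [ -g "$f" ]; } || continue
        if in_keep "$c"; then
            printf 'skipped %s\n' "$c"
        else
            chmod u-s,g-s "$f" && printf 'stripped %s\n' "$c"
        fi
    done
}
```

Run `audit_suid` before and after `strip_candidates` and keep both outputs with the regression-test results, so any failure can be traced to a specific binary.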
Closing old bugs. If this issue is still relevant/important in current version, please re-open the bug.