ok-ryoko / f38-custom-os-suid-root-binaries.md

Last active November 28, 2024 19:08

SUID-root Binaries in Fedora Custom OS 38

Warning

The author does not maintain this report actively. Please see their reports on newer versions of Fedora Linux for up-to-date information and corrections of errors.

SUID-root Binaries in Fedora Custom OS 38

by [OK Ryoko], revision 2024-11-28.3

Assumed audience: Linux system administrators, Linux utility authors and [Fedora Linux] package maintainers. Familiarity with process credentials, capabilities, syscalls, [strace], [Linux PAM] and [SELinux] is assumed.

I dive into all the SUID-root binaries that come with a minimal installation of [Fedora Server] 38. I also discuss the use of file capabilities to limit the level of privilege attainable by those programs.

ok-ryoko / f38-workstation-suid-root-binaries.md

Last active November 28, 2024 19:18

SUID-root Binaries in Fedora Workstation 38

Warning

The author does not maintain this report actively. Please see their reports on newer versions of Fedora Linux for up-to-date information and corrections of errors.

SUID-root Binaries in Fedora Workstation 38

by [OK Ryoko], revision 2024-11-28.1

Assumed audience: Linux system administrators, Linux utility authors and [Fedora Linux] package maintainers. Familiarity with process credentials, capabilities, syscalls, [strace], [Linux PAM] and [SELinux] is assumed.

In this follow-up piece to [SUID-root Binaries in Fedora Custom OS 38], I dive into the SUID-root binaries that are present in [Fedora Workstation] 38 but not in a minimal installation of [Fedora Server] 38 or that are present in both spins but behave differently under [GNOME]. I also discuss the use of file capabilities to limit the level of privilege attainable by those programs.

ok-ryoko / f39-workstation-suid-root-binaries.md

Last active November 28, 2024 19:37

SUID-root Binaries in Fedora Workstation 39

Warning

The author does not maintain this report actively. Please see their reports on newer versions of Fedora Linux for up-to-date information and corrections of errors.

SUID-root Binaries in Fedora Workstation 39

by [OK Ryoko], revision 2024-11-28.1

Assumed audience: Linux system administrators, Linux utility authors and [Fedora Linux] package maintainers. Familiarity with [credentials], [capabilities], [syscalls], [strace], [Linux PAM] and [SELinux] is assumed.

In this report, I build on the work described in [SUID-root Binaries in Fedora Workstation 38]. I focus on identifying the file capabilities needed to limit the level of privilege attainable by the new SUID-root binaries in Fedora Workstation 39.

ok-ryoko / f40-workstation-suid-root-binaries.md

Last active November 24, 2024 19:04

SUID-root Binaries in Fedora Workstation 40

by [OK Ryoko], revision 2024-11-24.1

Assumed audience: Linux system administrators, Linux utility authors and [Fedora Linux] package maintainers. Familiarity with [credentials], [capabilities], [syscalls], [strace], [Linux PAM] and [SELinux] is assumed.

In this report, I build on the work described in [SUID-root Binaries in Fedora Workstation 39]. Once again, my goal is to characterize the SUID-root binaries present on the system and establish minimal file capability sets for those binaries.

I provide a high-level summary of outcomes in the “The findings at a glance” section.