by [OK Ryoko], revision 2024-07-28.1
Assumed audience: Linux system administrators, Linux utility authors and [Fedora Linux] package maintainers. Familiarity with process credentials, capabilities, syscalls, [strace], [Linux PAM] and [SELinux] is assumed.
I dive into all the SUID-root binaries that come with a minimal installation of [Fedora Server] 38. I also discuss the use of file capabilities to limit the level of privilege attainable by those programs.
Skip ahead to the section titled “The findings at a glance” for a high-level summary of outcomes.