From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] FHS: Drop /usr/bin/su from list of allowed SUID binaries
Date: Mon, 20 Mar 2023 12:38:49 +0100
Message-ID: <20230320113849.218288-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0549272266907248156=="
List-Id: <development.lists.ipfire.org>

--===============0549272266907248156==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

In the Makefile (util-linx.nm) we specify some capabilities to avoid setting
the suid bit.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 src/libpakfire/fhs.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index f0ddc37c..8e85f29d 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -69,7 +69,6 @@ static const struct pakfire_fhs_check {
 	{ "/usr/bin/ksu",         S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/passwd",      S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/pkexec",      S_IFREG, S_ISUID|0755, "root", "root", 0 },
-	{ "/usr/bin/su",          S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/sudo",        S_IFREG, S_ISUID|0755, "root", "root", 0 },
 
 	// Any files in /usr/{,s}bin must be owned by root and have 0755
-- 
2.30.2


--===============0549272266907248156==--