| field | value | date |
|---|---|---|
| author | Lennart Poettering <lennart@poettering.net> | 2019-03-20 20:19:38 +0100 |
| committer | Lennart Poettering <lennart@poettering.net> | 2019-04-02 16:56:48 +0200 |
| commit | bf65b7e0c9fc215897b676ab9a7c9d1c688143ba (patch) | |
| tree | 906348e2120baa73531e774cf98eb1c5bbbc0c62 /NEWS | |
| parent | units: turn on RestrictSUIDSGID= in most of our long-running daemons (diff) | |
| download | systemd-bf65b7e0c9fc215897b676ab9a7c9d1c688143ba.tar.xz systemd-bf65b7e0c9fc215897b676ab9a7c9d1c688143ba.zip | |
core: imply NNP and SUID/SGID restriction for DynamicUser=yes service
Let's be safe, rather than sorry. This way DynamicUser=yes services can
neither take benefit of, nor create SUID/SGID binaries.
Given that DynamicUser= is a recent addition only, we should be able to
get away with turning this on, even though this is strictly speaking a
binary compatibility breakage.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -201,6 +201,21 @@ CHANGES WITH 242 in spe: done anymore, and instead calling `systemctl preset-all` is recommended after the first installation of systemd. + * A new boolean sandboxing option RestrictSUIDSGID= has been added that + is built on seccomp. When turned on creation of SUID/SGID files is + prohibited. + + * The NoNewPrivileges= and the new RestrictSUIDSGID= options are now + implied if DynamicUser= is turned on for a service. This hardens + these services, so that they neither can benefit from nor create + SUID/SGID executables. This is a minor compatibility breakage, given + that when DynamicUser= was first introduced SUID/SGID behaviour was + unaffected. However, the security benefit of these two options is + substantial, and the setting is still relatively new, hence we opted + to make it mandatory for services with dynamic users. + + … + CHANGES WITH 241: * The default locale can now be configured at compile time. Otherwise, |
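Review bot: the second added paragraph describes the two options as both "implied" by DynamicUser= and "mandatory" for services with dynamic users, and those are different contracts; a reader cannot tell from this entry whether an explicit `NoNewPrivileges=no` or `RestrictSUIDSGID=no` in a DynamicUser=yes unit is honoured, rejected or silently overridden. Pick one wording and state it, for example "they are forced on and cannot be disabled for such services" or "they now default to on for such services but may still be set to no". The first added paragraph says the option "is built on seccomp" but not what that means for the operator: it should say which operations are blocked (creating new files with the SUID/SGID bits set, setting those bits on existing files, or both), since "creation of SUID/SGID files is prohibited" leaves the second case open, and what happens on a kernel or architecture without seccomp filtering (whether the option is a no-op or the service fails to start), as that is the usual question for seccomp-based sandboxing settings. Minor: "When turned on creation of SUID/SGID files" needs a comma after "on".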