From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Mon, 20 Mar 2023 11:38:49 +0000 (+0100)
Subject: FHS: Drop /usr/bin/su from list of allowed SUID binaries
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d104cef56bf04e647653bd25c00f091f35c15826;p=people%2Fstevee%2Fpakfire.git

FHS: Drop /usr/bin/su from list of allowed SUID binaries

In the Makefile (util-linx.nm) we specify some capabilities to avoid setting
the suid bit.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index f0ddc37c..8e85f29d 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -69,7 +69,6 @@ static const struct pakfire_fhs_check {
 	{ "/usr/bin/ksu",         S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/passwd",      S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/pkexec",      S_IFREG, S_ISUID|0755, "root", "root", 0 },
-	{ "/usr/bin/su",          S_IFREG, S_ISUID|0755, "root", "root", 0 },
 	{ "/usr/bin/sudo",        S_IFREG, S_ISUID|0755, "root", "root", 0 },
 
 	// Any files in /usr/{,s}bin must be owned by root and have 0755