"@siosm btw, the nicest way to disable the suid binaries is by dropping in a config snippet for systemd that sets NoNewPrivileges=yes, system wide. In that case suid is a thing of the past. (I mean, ideally we'd have an option to compile it out of the kernel, but this is the next best thing)"
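An added example, not part of the original post: a shell check that lists userspace processes still running without the kernel `no_new_privs` flag once such a drop-in is in place. It assumes the post means the `NoNewPrivileges=` setting in the `[Manager]` section of systemd's system.conf; the drop-in file name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed drop-in (file name is hypothetical):
#   /etc/systemd/system.conf.d/10-no-new-privs.conf
#     [Manager]
#     NoNewPrivileges=yes
# After a reboot, PID 1 and everything it starts should carry the kernel
# no_new_privs flag, exposed as "NoNewPrivs:" in /proc/<pid>/status.
# With the flag set, execve() ignores setuid/setgid bits and file capabilities.

# Print the value of one "Key:" field from a status file (empty if absent,
# or if the process exited before it could be read).
field() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2" 2>/dev/null || true
}

# Print "pid name value" for every userspace process under proc root $1
# (default /proc) that does NOT have the flag set. "?" means the field is
# missing, as on older kernels that do not report it.
nnp_missing() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/status" ] || continue
        pid=${d##*/}
        # Kernel threads (pid 2 and its children) do not descend from PID 1,
        # so the systemd setting never reaches them; skip them.
        [ "$pid" = 2 ] && continue
        [ "$(field PPid: "$d/status")" = 2 ] && continue
        val=$(field NoNewPrivs: "$d/status")
        [ "${val:-?}" = 1 ] && continue
        printf '%s %s %s\n' "$pid" "$(field Name: "$d/status")" "${val:-?}"
    done
}

# Usage: nnp_missing            # audit the running system
#        nnp_missing /some/dir  # audit a captured copy of /proc
```

An empty result means every userspace process inherited the flag; any line printed is a process that can still gain privileges through a setuid binary.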