Inspired by this question here is the follow-up:
As some of you may know, setuid binaries are dangerous, since some exploits use these to escalate their rights up to root.
Now it seems that there has been an interesting idea to replace setuid with different, more secure means.
How?
Best Answer
File system capabilities in Linux were added to allow more fine-grained control than setuid alone will allow. With setuid it's a full escalation of effective privileges to the user (typically root). The capabilities(7) manpage provides the following description:
If an application needs the ability to call chroot(), which is typically only allowed for root, CAP_SYS_CHROOT can be set on the binary rather than setuid. This can be done using the setcap command:
As of RPM version 4.7.0, capabilities can be set on packaged files using %caps.
Fedora 15 had a release goal of removing all setuid binaries tracked in this bug report. According to the bug report, this goal was accomplished.
The Wikipedia article on Capability-based security is a good read for anyone interested.
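To make the CAP_SYS_CHROOT case above concrete, here is an added example (not code from the answer or from any distribution) of a small helper that expects to be installed with `setcap cap_sys_chroot+ep` instead of a setuid-root bit. It reads its own capability sets through the raw capget/capset system calls (so it needs no libcap), refuses to run unless CAP_SYS_CHROOT is actually in its effective set, performs the chroot, and then drops the capability so that a later compromise of the process cannot reuse it. The helper names (enter_jail, has_effective_cap, drop_cap) and the build/setcap commands in the header comment are this example's own assumptions; the syscalls, the v3 capability header layout and the CAP_SYS_CHROOT constant come from the Linux UAPI headers.

```c
// Added example: a chroot helper that relies on a file capability rather than
// setuid-root. Assumed build and install steps (run as root for setcap):
//   gcc -O2 -o chroot_helper chroot_helper.c
//   setcap cap_sys_chroot+ep ./chroot_helper
//   getcap ./chroot_helper
// Uses the raw capget/capset syscalls, so no libcap dependency is needed.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Read the calling thread's capability sets (v3 layout: two 32-bit words
   per set, so capabilities 0-31 live in data[0] and 32-63 in data[1]). */
static int read_caps(struct __user_cap_data_struct data[2]) {
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    return (int)syscall(SYS_capget, &hdr, data);
}

/* 1 if `cap` is in the effective set, 0 if not, -1 on error. */
int has_effective_cap(int cap) {
    struct __user_cap_data_struct data[2];
    if (read_caps(data) != 0) return -1;
    return (int)((data[cap / 32].effective >> (cap % 32)) & 1u);
}

/* Remove `cap` from the effective and permitted sets. Shrinking these sets
   never needs privilege, so this also succeeds for a plain user process.
   Returns 0 on success, -1 on error. */
int drop_cap(int cap) {
    struct __user_cap_data_struct data[2];
    if (read_caps(data) != 0) return -1;
    data[cap / 32].effective &= ~(1u << (cap % 32));
    data[cap / 32].permitted &= ~(1u << (cap % 32));
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Enter `dir` as the new root and immediately give up CAP_SYS_CHROOT.
   Returns 0 on success, -1 otherwise with errno set. Without the file
   capability (or root), this fails with EPERM before touching chroot(). */
int enter_jail(const char *dir) {
    if (has_effective_cap(CAP_SYS_CHROOT) != 1) { errno = EPERM; return -1; }
    if (chroot(dir) != 0) return -1;
    if (chdir("/") != 0) return -1;   /* otherwise cwd still points outside */
    return drop_cap(CAP_SYS_CHROOT);
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s <dir>\n", argv[0]); return 2; }
    if (enter_jail(argv[1]) != 0) {
        fprintf(stderr, "enter_jail(%s): %s\n", argv[1], strerror(errno));
        return 1;
    }
    printf("confined to %s; CAP_SYS_CHROOT dropped: %s\n", argv[1],
           has_effective_cap(CAP_SYS_CHROOT) == 0 ? "yes" : "no");
    return 0;
}
```

Contrast this with a setuid-root build of the same program: there, the process starts with every capability, and a bug anywhere before the chroot is a full root compromise, whereas with `cap_sys_chroot+ep` the process never holds anything but the one capability it needs, and after enter_jail() not even that.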