[msm_]

Fortunately polkit can't be abused to do something like privilege escalation, right [1]?

Ok, I'll drop the snark. Do you know of any distributions that approach your idea seriously and ships absolutely no setuid binaries? Ideally they also make sure the user won't install an external package that ships setuid executables.

It's certainly technically possible, you just need to mount everything (including `/`) as nosuid. But even `su`, `sudo` and... `pkexec` need suid to work. So I don't think it's easy to have a usable linux environment with zero suid binaries. Or am I wrong?

In case of this bug, since the bug is in ld, my educated guess is that even one suid binary is be enough for the privilege escalation attack to work.

[1]: https://github.blog/2021-06-10-privilege-escalation-polkit-r...

[CableNinja]

Assuming a sufficiently secured access method via SSH (ex strong ciphers only, key only, etc), you can get by just fine without su/sudo, of course, youll have to switch users manually, by logging in as a root-like user (ex root aliased, or root itself). Services and such can still operate as other users, as (as far as i know) systemd and rc.d dont rely on suid.

Also, side rant, su/sudo were developed from what i would call being lazy (uhg i dont want to open a new terminal to run a command as root) which has led to a lot of abuse. But, i blame ubuntu for its widespread use and abuse, the first user made by a ubuntu install has full sudo privs out of the box. And then, every guide thereafter just became "just sudo su" (which uhg, in itself). The lazy factor by sudoing everything has led to uses of sudo i wish id never seen. I wish we never had it.