Y
Hacker News
new
|
ask
|
show
|
jobs
by
Bu9818
874 days ago
The vast majority of services and user programs don't need to escalate privileges by invoking SUID/SGID binaries. no_new_privs should be used on them so that the "setuid with libc/LD programs" security boundary is avoided.