The following programs/processes were already successfully "derooted", i. e. the process does not run as root any more, or got its suid root bit removed:

  • klogd (patch sent to Debian BTS)

  • syslogd (patch sent to Debian BTS)

  • cupsd (patch sent to Debian BTS)

  • hald (accepted in Debian, accepted upstream)
  • ntpd (patch sent to Debian BTS)

  • procmail (patch sent to Debian BTS)

  • smbmount/smbumount (trivial packaging change, not really appropriate for Debian)
  • jackd (Ubuntu patch effectively disables realtime feature by installing it non-suid)
  • login (patch sent to Debian BTS, adopted in Debian)

  • gpg/gnupg (patch sent to Debian BTS); completely non-suid in Ubuntu, kernel 2.6.8+ supports mlock() as user

  • hpoj (patch sent to Debian BTS, accepted in Debian)

  • at (patch sent to Debian BTS, accepted in Debian)

  • dhcp3-server (patch sent to Debian BTS)

  • unix_chkpwd (pam and nis patches sent to Debian BTS)

  • hplip (accepted in Debian)

The following processes still appear to run with too many privileges by default and should be investigated:

  • udevd
  • power management daemons
  • X
  • arpwatch
  • vsftpd

The following programs/processes were at one point "derooted" but now run as root:

  • dhcp3-client (patch sent to Debian BTS )

DerootificationStatus (last edited 2011-03-05 06:08:39 by d1b)