As a hobby, I like to tinker around with Linux hardening. One topic that comes up a lot in this space is setuid/suid, and how it is a pretty dangerous attack vector. Obviously, no program is automatically “unsafe” just for using the setuid/suid flag, nor is it magically safe if it does not. But being able to take steps away from setuid and towards capabilities instead does reduce potential attack vectors, while offering basically the same functionality. Obviously, I could download and grep the code myself, but I am not at a device where that is viable right now. So, TL;DR, does Cosmic require setuid/suid to function? Does it directly use either of those (or the gid) flags?
Replies: 1 comment 1 reply
The short answer is: No.
The slightly longer answer is: It depends.
The only component needing setuid/suid potentially is cosmic-comp, since it needs to access a bunch of devices directly. However, that is not a configuration we use or support, since cosmic-comp can also access these devices through any backend supported by libseat. On most systems this will be systemd-logind, but other backends are supported that work on systemd-less distributions.
So apart from very esoteric configurations, there is absolutely no reason to set the suid-bit on cosmic-comp and I personally don't know of any distribution that does do that.
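One way to confirm this on an installed system, as an added example that is not part of the original discussion or COSMIC's own tooling: the function below lists any matching binaries in a directory that carry the setuid bit, the setgid bit, or file capabilities. The directory argument and the `cosmic-*` name pattern are assumptions about how the distribution packages COSMIC; `getcap` comes from libcap and is skipped if it is not installed.

```shell
#!/bin/sh
# Added example: audit binaries for setuid/setgid bits and file capabilities.
# Usage (assumed layout): sh audit.sh /usr/bin 'cosmic-*'
# Output: one line per finding, "<setuid|setgid|caps> <path> [capabilities]".

audit_privbits() {
    dir=$1
    glob=${2:-cosmic-*}   # assumption: COSMIC binaries are named cosmic-*

    # -perm -4000 matches regular files with the setuid bit set.
    find "$dir" -type f -name "$glob" -perm -4000 -print | sed 's/^/setuid /'

    # -perm -2000 matches regular files with the setgid bit set.
    find "$dir" -type f -name "$glob" -perm -2000 -print | sed 's/^/setgid /'

    # File capabilities grant privilege without any mode bit, so a clean
    # mode listing alone does not prove a binary is unprivileged.
    if command -v getcap >/dev/null 2>&1; then
        find "$dir" -type f -name "$glob" -exec getcap {} + 2>/dev/null \
            | sed 's/^/caps /'
    fi
}

# Exit status 0 when nothing privileged was found, 1 otherwise.
is_clean() {
    [ -z "$(audit_privbits "$@")" ]
}

# Run only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_privbits "$@"
fi
```

Empty output means none of the matching binaries are setuid, setgid, or capability-tagged, which is the expected result for a libseat/systemd-logind setup as described above.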