Remove setgid and setuid programs

[robnagler]

Need to strip setgid and setuid permissions from /usr. sudo and su need to be controlled to be on only during the build.

Docker allows privilege escalation even when --user is supplied.

[e-carlin]

Another reason to remove setuid programs. Not sure if we're vulnerable to this actual attack. But I found the attack interesting and a reminder of the dangers of setuid.

https://www.openwall.com/lists/oss-security/2022/12/21/3

[robnagler]

systemd-coredump in userspace

I have never liked systemd's cavalier approach to permissions. This is yet another example.

With 'sudo' this will not work, because it actively sets the ulimit for
coredumps to 0. The reason for this is to protect against exactly this
attack scenario [3].

With 'su' it works, however.

We are vulnerable outside Docker containers. Since we run almost everything in Docker, I think we are safe, since we don't set passwords in Docker. The exploit allows extraction of a password hash (not just root).

Still important to disable setuid programs.