busybox-suid should be uninstallable
Since alpine is used to run some small containers, in most [[citation needed]] usecases, various users should have no business running the provided-by-default setuid binaries ("/bin/mount", "/bin/umount", "/bin/su", "/usr/bin/crontab", "/usr/bin/passwd", "/usr/bin/traceroute", "/usr/bin/traceroute6", "/usr/bin/vlock"
) in production. Thus, it would be nice to be able to uninstall busybox-suid
, to tighten the system a bit more, especially since some of those binaries are able to talk to the network.
~ # apk del busybox-suid
World updated, but the following packages are not removed due to:
busybox-suid: alpine-base
OK: 13 MiB in 29 packages
~ #