Yes. Solving SUID Disabler and Permission Hardener too would be amazing! Yes, stuff we don’t use (such as pkexec) should surely have SUID removed. But we’ll need a SUID whitelist too? For now, we shouldn’t remove SUID from sudo, right? I don’t understand how such a whitelist would be possible with above code? Maybe first remove all SUID, then opt-in re-add sudo?
For the upcoming boot to auto login into admin vs limited user boot option (multiple boot modes for better security: persistent user | live user | persistent secureadmin | persistent superadmin | persistent recovery mode) it would be great to automatically create a configuration file snippet that whitelists sudo or removes sudo from whitelist. My idea was for boot to auto login into limited user to even have SUID on sudo removed. (And re-add when booting into admin mode.)
I would also like to have an interpreter lock opt-in. Dropping a configuration snippet (opt-in interpreter lock) vs deleting a configuration snippet (opt-out interpreter lock) would be great too for that.