Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/funkylab/statuses/111176151353224683">Marcus Müller (funkylab@mastodon.social)'s status on Saturday, 07-Oct-2023 22:24:02 JST</a><a href="https://mastodon.social/@funkylab" title="funkylab@mastodon.social"><img src="https://gnusocial.jp/avatar/113182-48-20231007132402.webp" width="48" height="48" alt="Marcus Müller" style="position: absolute; left: 0; top: 0;">Marcus Müller</a><div><a href="https://mastodon.social/@pid_eins/111176023871763195" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://mastodon.social/@pid_eins">@pid_eins</a> hm. But that basically necessitates solid RPC between an unprivileged client and a privileged system management daemon, which in itself is exactly where we tend to find parsing bugs for decades (like the glibc one triggering this discussion is).<br>I'd honestly rather see a kind-of-single-syscall-suid mechanism that only works with a sensible verifiable pledge()-equivalent. Like, think of an xattr that contains ebpf code describing that a privileged open can open exactly one file, and...</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2137826#notice-4225354">In conversation</a><time datetime="2023-10-07T22:24:02+09:00" title="Saturday, 07-Oct-2023 22:24:02 JST">Saturday, 07-Oct-2023 22:24:02 JST</time> <span>from <span><a href="https://mastodon.social/@funkylab/111176151353224683" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@funkylab/111176151353224683">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Marcus Müller (funkylab@mastodon.social)'s status on Saturday, 07-Oct-2023 22:24:02 JSTMarcus Müller
in reply to
- Lennart Poettering
@pid_eins hm. But that basically necessitates solid RPC between an unprivileged client and a privileged system management daemon, which in itself is exactly where we tend to find parsing bugs for decades (like the glibc one triggering this discussion is).
I'd honestly rather see a kind-of-single-syscall-suid mechanism that only works with a sensible verifiable pledge()-equivalent. Like, think of an xattr that contains ebpf code describing that a privileged open can open exactly one file, and...
In conversationSaturday, 07-Oct-2023 22:24:02 JST from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice