Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/pid_eins/statuses/112353350913195618">Lennart Poettering (pid_eins@mastodon.social)'s status on Tuesday, 30-Apr-2024 21:57:19 JST</a><a href="https://mastodon.social/@pid_eins" title="pid_eins@mastodon.social"><img src="https://gnusocial.jp/avatar/92094-48-20230126121211.webp" width="48" height="48" alt="Lennart Poettering" style="position: absolute; left: 0; top: 0;">Lennart Poettering</a><div><a href="https://mastodon.social/@pid_eins/112353341231792797" rel="in-reply-to">in reply to</a></div></section><article><p>This has led various people to revisit the problem and come up with alternatives: most prominently there's probably OpenBSD's sudo replacement called "doas". While it greatly simplifies the tool and removes much of the attack surface, it doesn't change one key thing: it's still a SUID binary.</p><p>I personally think that the biggest problem with sudo is the fact it's a SUID binary though – the big attack surface, the plugins, network access and so on that come after it it just make the key problem…</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3017156#notice-5989772">In conversation</a><time datetime="2024-04-30T21:57:19+09:00" title="Tuesday, 30-Apr-2024 21:57:19 JST">about 7 months ago</time> <span>from <span><a href="https://mastodon.social/@pid_eins/112353350913195618" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@pid_eins/112353350913195618">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Lennart Poettering (pid_eins@mastodon.social)'s status on Tuesday, 30-Apr-2024 21:57:19 JST Lennart Poettering
in reply to
This has led various people to revisit the problem and come up with alternatives: most prominently there's probably OpenBSD's sudo replacement called "doas". While it greatly simplifies the tool and removes much of the attack surface, it doesn't change one key thing: it's still a SUID binary.
I personally think that the biggest problem with sudo is the fact it's a SUID binary though – the big attack surface, the plugins, network access and so on that come after it it just make the key problem…
In conversationabout 7 months ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice