Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/pid_eins/statuses/112353420303876549">Lennart Poettering (pid_eins@mastodon.social)'s status on Tuesday, 30-Apr-2024 21:57:17 JST</a><a href="https://mastodon.social/@pid_eins" title="pid_eins@mastodon.social"><img src="https://gnusocial.jp/avatar/92094-48-20230126121211.webp" width="48" height="48" alt="Lennart Poettering" style="position: absolute; left: 0; top: 0;">Lennart Poettering</a><div><a href="https://mastodon.social/@pid_eins/112353405406989110" rel="in-reply-to">in reply to</a></div></section><article><p>it doesn't bother with encryption or cryptographic authentication, key management and stuff, but instead relies on the kernel's local identification mechanisms.</p><p>run0 doesn't implement a configuration language of its own btw (i.e. no equivalent of /etc/sudoers). Instead, it just uses polkit for that, i.e. how we these days usually let unpriv local clients be authorized by priv servers.</p><p>By isolating the contexts and the resources of client and target we remove some other classes of attacks…</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3017156#notice-5989777">In conversation</a><time datetime="2024-04-30T21:57:17+09:00" title="Tuesday, 30-Apr-2024 21:57:17 JST">about 6 months ago</time> <span>from <span><a href="https://mastodon.social/@pid_eins/112353420303876549" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@pid_eins/112353420303876549">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="http://servers.By/">servers.by</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Lennart Poettering (pid_eins@mastodon.social)'s status on Tuesday, 30-Apr-2024 21:57:17 JST Lennart Poettering
in reply to
it doesn't bother with encryption or cryptographic authentication, key management and stuff, but instead relies on the kernel's local identification mechanisms.
run0 doesn't implement a configuration language of its own btw (i.e. no equivalent of /etc/sudoers). Instead, it just uses polkit for that, i.e. how we these days usually let unpriv local clients be authorized by priv servers.
By isolating the contexts and the resources of client and target we remove some other classes of attacks…
In conversationabout 6 months ago from mastodon.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  servers.by

Public

Embed Notice

HTML Code

Corresponding Notice