this post was submitted on 30 Apr 2024
79 points (92.5% liked)

Linux

5231 readers
144 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
79
Systemd wants to expand to include a sudo replacement (outpost.fosspost.org)
submitted 6 months ago by starman@programming.dev to c/linux@programming.dev
68 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] FizzyOrange@programming.dev 18 points 6 months ago (1 children)

This sounds like a great improvement. I have read the sudo source code and anyone that seriously thinks there's no problem with it being SUID is crazy.

That said the whole security model of sudo makes no sense. As soon as you can access a sudoers' account you can trivially steal their password by MitMing sudo and waiting.

[โ€“] kevincox@lemmy.ml 1 points 6 months ago

the whole security model of sudo makes no sense

I think that is a bit strong. Sure, you aren't gaining much protection if you just allow sudo -su root but there are a lot of valid use cases.

  1. Logging.
  2. A bit of an "explicit" check to keep you from doing something stupid without thinking.
  3. You can configure sudo to only allow specific commands from different users. (Maybe a trusted friend should have permission to reboot your Minecraft server but nothing else)