@pid_eins, is a client-server model really the best alternative to suid? Shouldn't the kernel provide a new and cleaner suid alternative that won't inherit the parent environment by default, but allows explicitly to access it?
@pid_eins, am I right you are about plugins and complicated configuration of sudo? While I agree with you that sudo is overengineered, I also accept it was not created out of nothing and solves some problems someone really needs to solve in a case when run0 is not enough.

And leaving aside a functionality trade-off, I think both sudo and run0 (...and many others) can benefit from some new kernel mechanism instead of manual implementation on the systemd side.

@pid_eins, I read the whole thread and I see 3 main points: We are leaving the first point aside (it's about trade-offs). And for the remaining two, it's better to allow the kernel to manage privilege acquiring (e.g. by forwarding requests to systemd via a new kernel mechanism) and to create a clean environment during these operations. Am I still missing something?
@oficsu if you reduce the problem to cleaning up the env block, then you are missing pretty much everything I said in my post.