• onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    There’s a rewrite of sudo happening in rust, but he wants to throw out the SUID idea altogether?

    when invoked under the “run0” name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it’s not in fact SUID. Instead it just asks the service manager to invoke a command or shell under the target user’s UID. It allocates a new PTY for that, and then shovels data back and forth from the originating TTY and this PTY.

    That sounds like opening up the door to what windows is doing UAC and the wonderful vulnerability that the GOG Launcher had for privilege escalation.

    I’m not a security researcher, but giving arbitrary users the ability to tel PID 1 to run a binary of the user’s choosing is… probably not what Pottering is suggesting, but opens up to such vulnerabilities. And if it’s written in C/C++ my trust is further reduced.

    Anti Commercial-AI license