Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.misc > #56292 > unrolled thread
| Started by | Fritz Wuehler <fritz@spamexpire-202405.rodent.frell.theremailer.net> |
|---|---|
| First post | 2024-05-07 14:40 +0200 |
| Last post | 2024-05-08 11:54 +0200 |
| Articles | 5 — 3 participants |
Back to article view | Back to comp.os.linux.misc
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: Yet Another New systemd Feature Fritz Wuehler <fritz@spamexpire-202405.rodent.frell.theremailer.net> - 2024-05-07 14:40 +0200
Re: Yet Another New systemd Feature Marc Haber <mh+usenetspam1118@zugschl.us> - 2024-05-07 15:45 +0200
Re: Yet Another New systemd Feature D <nospam@example.net> - 2024-05-07 21:03 +0200
Re: Yet Another New systemd Feature Marc Haber <mh+usenetspam1118@zugschl.us> - 2024-05-07 21:59 +0200
Re: Yet Another New systemd Feature D <nospam@example.net> - 2024-05-08 11:54 +0200
| From | Fritz Wuehler <fritz@spamexpire-202405.rodent.frell.theremailer.net> |
|---|---|
| Date | 2024-05-07 14:40 +0200 |
| Subject | Re: Yet Another New systemd Feature |
| Message-ID | <71362256743962b72394883a66a5504a@msgid.frell.theremailer.net> |
Lawrence D'Oliveiro <...@nz.invalid> [LD]: LD> Unfortunately, the existing tool [sudo] is far from perfect. Will Deich has written a nice sudo alternative, called "super", with lots of bells and whistles. Its man page: https://www.ucolick.org/~will/RUE/super/super.1.html
[toc] | [next] | [standalone]
| From | Marc Haber <mh+usenetspam1118@zugschl.us> |
|---|---|
| Date | 2024-05-07 15:45 +0200 |
| Message-ID | <v1db91$1hnge$1@news1.tnib.de> |
| In reply to | #56292 |
Fritz Wuehler <fritz@spamexpire-202405.rodent.frell.theremailer.net> wrote: >Lawrence D'Oliveiro <...@nz.invalid> [LD]: >LD> Unfortunately, the existing tool [sudo] is far from perfect. > >Will Deich has written a nice sudo alternative, called "super", with >lots of bells and whistles. And there is also doas, which less bells and whistles (which is what I would want for a suid program), from the BSD world. Greetings Marc (who maintains sudo in Debian and is thus stuck with sudo) -- ---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " | Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
[toc] | [prev] | [next] | [standalone]
| From | D <nospam@example.net> |
|---|---|
| Date | 2024-05-07 21:03 +0200 |
| Message-ID | <c7674554-bbb0-cd6d-86ee-2abc5ed0e3a6@example.net> |
| In reply to | #56293 |
On Tue, 7 May 2024, Marc Haber wrote: > Fritz Wuehler <fritz@spamexpire-202405.rodent.frell.theremailer.net> > wrote: >> Lawrence D'Oliveiro <...@nz.invalid> [LD]: >> LD> Unfortunately, the existing tool [sudo] is far from perfect. >> >> Will Deich has written a nice sudo alternative, called "super", with >> lots of bells and whistles. > > And there is also doas, which less bells and whistles (which is what I > would want for a suid program), from the BSD world. > > Greetings > Marc (who maintains sudo in Debian and is thus stuck with sudo) Hello Marc, Since you are the expert witness... what is the point of OpenBSD:s doas instead of sudo? If the two were to battle to the death with the lirpa, which one would win?
[toc] | [prev] | [next] | [standalone]
| From | Marc Haber <mh+usenetspam1118@zugschl.us> |
|---|---|
| Date | 2024-05-07 21:59 +0200 |
| Message-ID | <v1e16r$1jc7c$1@news1.tnib.de> |
| In reply to | #56297 |
D <nospam@example.net> wrote: >Since you are the expert witness... what is the point of OpenBSD:s doas >instead of sudo? If the two were to battle to the death with the lirpa, >which one would win? runas is much simpler and thus has less attack surface. Sudo has a complex parser of a historically grown configuration file format, a plugin interface. I'd rather not have that in a suid root binary. When I took over sudo maintenance in Debian, I was strongly considering to migrate my own systems to doas because of the smaller attack surface, but than decided that I need to eat my own dog food and stayed with sudo. Greetings Marc -- ---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " | Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
[toc] | [prev] | [next] | [standalone]
| From | D <nospam@example.net> |
|---|---|
| Date | 2024-05-08 11:54 +0200 |
| Message-ID | <f8207b24-ce45-99b6-7106-c0e90441b3b7@example.net> |
| In reply to | #56301 |
On Tue, 7 May 2024, Marc Haber wrote: > D <nospam@example.net> wrote: >> Since you are the expert witness... what is the point of OpenBSD:s doas >> instead of sudo? If the two were to battle to the death with the lirpa, >> which one would win? > > runas is much simpler and thus has less attack surface. Sudo has a > complex parser of a historically grown configuration file format, a > plugin interface. I'd rather not have that in a suid root binary. > > When I took over sudo maintenance in Debian, I was strongly > considering to migrate my own systems to doas because of the smaller > attack surface, but than decided that I need to eat my own dog food > and stayed with sudo. > > Greetings > Marc > Great! =) Thank you very much for the information Marc!
[toc] | [prev] | [standalone]
Back to top | Article view | comp.os.linux.misc
csiph-web