this post was submitted on 30 Apr 2024
78 points (92.4% liked)
It seems Poettering is convinced `doas`, while decreasing attack surface, depends on a SUID binary implementation, which is a concern in its own right. Poettering is trying to eliminate that dependency in his `run0` implementation to reduce the attack surface even further.

The relevant excerpt from the long chain of posts from Poettering's mastodon.social account is copied below:
Read the rest where he explains `run0`'s use and functionality beyond the design logic.

Thanks for the insight. I think I understand what he is trying to do, but it is a little too low-level for me to really grasp the technicalities.