Lennart Poettering on Nostr: … worse, but are not in themselves the main issue with sudo. SUID processes are ...
… worse, but are not in themselves the main issue with sudo.
SUID processes are weird concepts: they are invoked by unprivileged code and inherit the execution context intended for and controlled by unprivileged code. By execution context I mean the myriad of properties that a process has on Linux these days, from environment variables, process scheduling properties, cgroup assignments, security contexts, file descriptors passed, and so on and so on. A few of these settings the kernel is nice…
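The execution context the post describes is easy to underestimate, so here is an added example (my code, not Poettering's and not part of sudo or systemd) of what a privileged program on Linux can do about two of the inherited pieces he names, environment variables and passed file descriptors: check via the AT_SECURE auxv flag that it is actually running with elevated privileges, rebuild its environment from an allow-list, and account for every descriptor it did not open itself. The allow-list and the variable names are constructed for this example.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

extern char **environ;

/* Constructed allow-list: the only caller-supplied variables a privileged
 * program in this example chooses to keep. Everything else (LD_*, PATH,
 * locale and loader knobs, ...) was chosen by the unprivileged caller and
 * is therefore dropped. */
static const char *const allowed_env[] = { "TERM", "TZ", "LANG", NULL };

/* True when the kernel marked this process as running with elevated
 * privileges (set-uid/set-gid or file capabilities). glibc exposes the
 * AT_SECURE auxv entry for exactly this check. */
int running_secure(void) {
    return getauxval(AT_SECURE) != 0;
}

static int env_allowed(const char *entry) {
    for (int i = 0; allowed_env[i] != NULL; i++) {
        size_t n = strlen(allowed_env[i]);
        if (strncmp(entry, allowed_env[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Rebuild the environment from the allow-list. Returns the number of
 * inherited variables dropped, or -1 on allocation failure. */
int scrub_environment(void) {
    size_t total = 0, kept = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++)
        total++;
    char **clean = calloc(total + 1, sizeof *clean);
    if (clean == NULL)
        return -1;
    for (size_t i = 0; i < total; i++)
        if (env_allowed(environ[i]))
            clean[kept++] = environ[i];
    clean[kept] = NULL;
    environ = clean;   /* old array stays allocated; only reachability changes */
    return (int)(total - kept);
}

/* Count open descriptors above stdin/stdout/stderr, i.e. descriptors the
 * caller passed in rather than ones this program opened itself. Linux-only
 * (/proc). Returns -1 if /proc/self/fd is unavailable. */
int count_inherited_fds(void) {
    DIR *d = opendir("/proc/self/fd");
    if (d == NULL)
        return -1;
    int self = dirfd(d), count = 0;
    struct dirent *ent;
    while ((ent = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(ent->d_name, &end, 10);
        if (ent->d_name[0] == '\0' || *end != '\0')
            continue;                   /* skips "." and ".." */
        if (fd > 2 && fd != self)
            count++;
    }
    closedir(d);
    return count;
}

int main(void) {
    printf("AT_SECURE: %d\n", running_secure());
    printf("inherited descriptors beyond 0-2: %d\n", count_inherited_fds());
    printf("environment variables dropped: %d\n", scrub_environment());
    for (char **e = environ; *e != NULL; e++)
        printf("kept: %s\n", *e);
    return 0;
}
```

Run it from an interactive shell with a few extra descriptors open (for example `./a.out 3</etc/hostname`) to see the count change; the environment and descriptor table are only two of the properties the post lists, and scheduling class, cgroup, and security context are not something a program can simply reset from userspace in the same way.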
Published at 2024-04-29 07:39:51
Event JSON
{
"id": "008f28ab07403b7f154ce470408332963a74d0585bb71b81e1914275849f8671",
"pubkey": "19668dac8ea60a0354ab714765934c3948401690240a914b456690439e224e13",
"created_at": 1714376391,
"kind": 1,
"tags": [
[
"e",
"9b7f12e65282a8d8970b4923a618ccf4af994b1ab3a9989ed9310fe525fdc07a",
"",
"root"
],
[
"e",
"03c5aff28a23c7e0f78cb3b5453f758924dd14772995a01ddde960af927c8c2a",
"",
"reply"
],
[
"p",
"19668dac8ea60a0354ab714765934c3948401690240a914b456690439e224e13"
],
[
"proxy",
"https://mastodon.social/users/pid_eins/statuses/112353371161154204",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/pid_eins/statuses/112353371161154204",
"pink.momostr"
]
],
"content": "… worse, but are not in themselves the main issue with sudo.\n\nSUID processes are weird concepts: they are invoked by unprivileged code and inherit the execution context intended for and controlled by unprivileged code. By execution context I mean the myriad of properties that a process has on Linux these days, from environment variables, process scheduling properties, cgroup assignments, security contexts, file descriptors passed, and so on and so on. A few of these settings the kernel is nice…",
"sig": "b0f79c7dd5d79063a3f7fce7f0419127b59acd1b00bb2560b165df328e57daf88f2e5573ac38ce57cbef703d9ccf1b40fe8848bd051d9f5536ddc0bc01f75808"
}