> > "> [> #> doas](https://emacs.ch/tags/doas )> : multiple security issues: Buffer overflow (privilege escalation to root) Broken UID parsing falls back to root (CVE-2019-15900),
Incorrect group change behaviour (CVE-2019-15901)."
brokenix (npub1xy2…l5zl) using Rust would probably have prevent buffer overflows bugs, but not the UID parsing or group change behavior.
People who tried to sell me on "doas" often did by arguing that the simpler design and smaller code base was supposed to make it more secure. Well, security, as it turns out, is pretty damn hard.
Ramin Honary /
npub1ev…qt5ae
2024-05-29 23:15:37
in reply to nevent1q…hatc
Author Public Key
npub1evth2uwaj03nae8g0d5nzdkmgtddnaghrnl7d80xrhfqyxr5q5dqjqt5aePublished at
2024-05-29 23:15:37Event JSON
{
"id": "c62473d662733659b7b476848745d8701949ec201e7da13bffc4f53bf6f755c9",
"pubkey": "cb177571dd93e33ee4e87b693136db42dad9f5171cffe69de61dd2021874051a",
"created_at": 1717024537,
"kind": 1,
"tags": [
[
"p",
"31158cefa9cf5e1b4ea7aaf2d9d345ca8867e9e698ad4086c2f04d5b8ae72835"
],
[
"e",
"8159a5e156bef418f986be11370cd3b801e75bcece68bb15962f90aeda98bd4e",
"",
"root"
],
[
"t",
"doas"
],
[
"proxy",
"https://emacs.ch/@ramin_hal9001/112526920067142380",
"web"
],
[
"proxy",
"https://emacs.ch/users/ramin_hal9001/statuses/112526920067142380",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://emacs.ch/users/ramin_hal9001/statuses/112526920067142380",
"pink.momostr"
]
],
"content": "\u003e \u003e \"\u003e [\u003e #\u003e doas](https://emacs.ch/tags/doas )\u003e : multiple security issues: Buffer overflow (privilege escalation to root) Broken UID parsing falls back to root (CVE-2019-15900),\nIncorrect group change behaviour (CVE-2019-15901).\"\nnostr:npub1xy2cemafea0pkn484tedn569e2yx060xnzk5ppkz7px4hzh89q6sdnl5zl using Rust would probably have prevent buffer overflows bugs, but not the UID parsing or group change behavior.\n\n\nPeople who tried to sell me on \"doas\" often did by arguing that the simpler design and smaller code base was supposed to make it more secure. Well, security, as it turns out, is pretty damn hard.",
"sig": "69f36496214162692d53e601a3468ac8f17bfc7741cfdebc8552ac0838fbee5476e661f9de7397f4765b85b7237eed68045839c076c624937bdbe786218d7ade"
}