Sujet : Re: Yet Another New systemd Feature
De : nospam (at) *nospam* example.net (D)
Groupes : comp.os.linux.miscDate : 08. May 2024, 10:54:50
Autres entêtes
Organisation : i2pn2 (i2pn.org)
Message-ID : <f8207b24-ce45-99b6-7106-c0e90441b3b7@example.net>
References : 1 2 3 4 5 6 7
On Tue, 7 May 2024, Marc Haber wrote:
D <nospam@example.net> wrote:
Since you are the expert witness... what is the point of OpenBSD:s doas
instead of sudo? If the two were to battle to the death with the lirpa,
which one would win?
>
runas is much simpler and thus has less attack surface. Sudo has a
complex parser of a historically grown configuration file format, a
plugin interface. I'd rather not have that in a suid root binary.
>
When I took over sudo maintenance in Debian, I was strongly
considering to migrate my own systems to doas because of the smaller
attack surface, but than decided that I need to eat my own dog food
and stayed with sudo.
>
Greetings
Marc
>
Great! =) Thank you very much for the information Marc!
Re: Yet Another New systemd Feature
Re: Yet Another New systemd Feature