[sudo-workers] Modifying sudo to not require setuid

Todd C. Miller Todd.Miller at courtesan.com
Sat Nov 5 10:19:29 MDT 2016


I've considered this in the past but it's not something on my
roadmap.  The daemon would always need to run the command in a new
pty (which is something sudo can already do).  I'm not sure if
people would be willing to have a daemon just for sudo.

There are portability issues since not all systems have SO_PASSCRED
or an equivalent mechanism (getpeerucred, getpeereid).

There would also be changes required to the plugin interface for
this to work.

 - todd


More information about the sudo-workers mailing list