[sudo-workers] Modifying sudo to not require setuid
sbaugh at catern.com
sbaugh at catern.com
Sat Nov 5 11:25:04 MDT 2016
"Todd C. Miller" <Todd.Miller at courtesan.com> writes:
> I've considered this in the past but it's not something on my
> roadmap.
I'd be interested in working on this if you're willing to accept
patches. I think the problems are surmountable. Do you have suggestions
for the design of the necessary changes?
I believe at least some systems would be willing to run a daemon just
for sudo. One of the advantages is that once sudo doesn't require
setuid, you can (mostly) completely remove the setuid bit from your
system by wrapping formerly-setuid commands with sudo. That could be
quite interesting: If your system is setuid-free, you can give
unprilveged users more power to manipulate their own environments (such
as chroot) without needing to worry that they will use those
environment-manipulation abilities to attack setuid binaries.
More information about the sudo-workers
mailing list