this post was submitted on 30 Apr 2024
76 points (91.3% liked)
Linux
5502 readers
237 users here now
A community for everything relating to the linux operating system
Also check out [email protected]
Original icon base courtesy of [email protected] and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It seems Poettering is convinced
doas
, while decreasing attack surface, depends on SUID binary implementation which is a concern in its own right. Poettering is trying to eliminate that dependency in his `run0' implementation to reduce the attack surface even further.The relevant excerpt from the long chain of posts from Poettering's mastodon.social account is copied below:
Read the rest where he explains
run0
's use and functionality beyond the design logic.Thanks for the insight. I think I understand what he is trying to do but is a little too low-level for me to really grasp the technicalities.