Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

BOFH excuse #124: user to computer ration too low.

comp / comp.os.linux.misc / Re: Yet Another New systemd Feature

SubjectAuthor
* Re: Yet Another New systemd FeatureFritz Wuehler
`* Re: Yet Another New systemd FeatureMarc Haber
 `* Re: Yet Another New systemd FeatureD
  `* Re: Yet Another New systemd FeatureMarc Haber
   `- Re: Yet Another New systemd FeatureD

1
Subject: Re: Yet Another New systemd Feature
From: Fritz Wuehler
Newsgroups: comp.os.linux.misc
Organization: dizum.com - The Internet Problem Provider
Date: Tue, 7 May 2024 12:40 UTC
References: 1 2
From: fritz@spamexpire-202405.rodent.frell.theremailer.net (Fritz Wuehler)
Subject: Re: Yet Another New systemd Feature
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
References: <v1941f4d4m@dont-email.me>
<v1a0j2eb40@dont-email.me> <v1a3cbf08a@dont-email.me>
Message-ID: <71362256743962b72394883a66a5504a@msgid.frell.theremailer.net>
Date: Tue, 07 May 2024 14:40:15 +0200
Newsgroups: comp.os.linux.misc
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.mixmin.net!news2.arglkargh.de!alphared!sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
X-Abuse: abuse@dizum.com
Injection-Info: sewer.dizum.com - 2001::1/128
View all headers

Lawrence D'Oliveiro <...@nz.invalid> [LD]:
LD> Unfortunately, the existing tool [sudo] is far from perfect.

Will Deich has written a nice sudo alternative, called "super", with
lots of bells and whistles.

Its man page:
https://www.ucolick.org/~will/RUE/super/super.1.html

Subject: Re: Yet Another New systemd Feature
From: Marc Haber
Newsgroups: comp.os.linux.misc
Organization: private site, see http://www.zugschlus.de/ for details
Date: Tue, 7 May 2024 13:45 UTC
References: 1 2 3
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!news1.tnib.de!feed.news.tnib.de!news.tnib.de!.POSTED.torres.zugschlus.de!not-for-mail
From: mh+usenetspam1118@zugschl.us (Marc Haber)
Newsgroups: comp.os.linux.misc
Subject: Re: Yet Another New systemd Feature
Date: Tue, 07 May 2024 15:45:05 +0200
Organization: private site, see http://www.zugschlus.de/ for details
Message-ID: <v1db91$1hnge$1@news1.tnib.de>
References: <v1941f4d4m@dont-email.me> <v1a0j2eb40@dont-email.me> <v1a3cbf08a@dont-email.me> <71362256743962b72394883a66a5504a@msgid.frell.theremailer.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 7 May 2024 13:45:05 -0000 (UTC)
Injection-Info: news1.tnib.de; posting-host="torres.zugschlus.de:81.169.166.32";
logging-data="1629710"; mail-complaints-to="abuse@tnib.de"
X-Newsreader: Forte Agent 6.00/32.1186
View all headers

Fritz Wuehler <fritz@spamexpire-202405.rodent.frell.theremailer.net>
wrote:
>Lawrence D'Oliveiro <...@nz.invalid> [LD]:
>LD> Unfortunately, the existing tool [sudo] is far from perfect.
>
>Will Deich has written a nice sudo alternative, called "super", with
>lots of bells and whistles.

And there is also doas, which less bells and whistles (which is what I
would want for a suid program), from the BSD world.

Greetings
Marc (who maintains sudo in Debian and is thus stuck with sudo)
--
----------------------------------------------------------------------------
Marc Haber | " Questions are the | Mailadresse im Header
Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

Subject: Re: Yet Another New systemd Feature
From: D
Newsgroups: comp.os.linux.misc
Organization: i2pn2 (i2pn.org)
Date: Tue, 7 May 2024 19:03 UTC
References: 1 2 3 4
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: nospam@example.net (D)
Newsgroups: comp.os.linux.misc
Subject: Re: Yet Another New systemd Feature
Date: Tue, 7 May 2024 21:03:14 +0200
Organization: i2pn2 (i2pn.org)
Message-ID: <c7674554-bbb0-cd6d-86ee-2abc5ed0e3a6@example.net>
References: <v1941f4d4m@dont-email.me> <v1a0j2eb40@dont-email.me> <v1a3cbf08a@dont-email.me> <71362256743962b72394883a66a5504a@msgid.frell.theremailer.net> <v1db91$1hnge$1@news1.tnib.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Injection-Info: i2pn2.org;
logging-data="390684"; mail-complaints-to="usenet@i2pn2.org";
posting-account="w/4CleFT0XZ6XfSuRJzIySLIA6ECskkHxKUAYDZM66M";
X-Spam-Checker-Version: SpamAssassin 4.0.0
In-Reply-To: <v1db91$1hnge$1@news1.tnib.de>
View all headers

On Tue, 7 May 2024, Marc Haber wrote:

> Fritz Wuehler <fritz@spamexpire-202405.rodent.frell.theremailer.net>
> wrote:
>> Lawrence D'Oliveiro <...@nz.invalid> [LD]:
>> LD> Unfortunately, the existing tool [sudo] is far from perfect.
>>
>> Will Deich has written a nice sudo alternative, called "super", with
>> lots of bells and whistles.
>
> And there is also doas, which less bells and whistles (which is what I
> would want for a suid program), from the BSD world.
>
> Greetings
> Marc (who maintains sudo in Debian and is thus stuck with sudo)

Hello Marc,

Since you are the expert witness... what is the point of OpenBSD:s doas
instead of sudo? If the two were to battle to the death with the lirpa,
which one would win?

Subject: Re: Yet Another New systemd Feature
From: Marc Haber
Newsgroups: comp.os.linux.misc
Organization: private site, see http://www.zugschlus.de/ for details
Date: Tue, 7 May 2024 19:59 UTC
References: 1 2 3 4 5
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!news1.tnib.de!feed.news.tnib.de!news.tnib.de!.POSTED.torres.zugschlus.de!not-for-mail
From: mh+usenetspam1118@zugschl.us (Marc Haber)
Newsgroups: comp.os.linux.misc
Subject: Re: Yet Another New systemd Feature
Date: Tue, 07 May 2024 21:59:22 +0200
Organization: private site, see http://www.zugschlus.de/ for details
Message-ID: <v1e16r$1jc7c$1@news1.tnib.de>
References: <v1941f4d4m@dont-email.me> <v1a0j2eb40@dont-email.me> <v1a3cbf08a@dont-email.me> <71362256743962b72394883a66a5504a@msgid.frell.theremailer.net> <v1db91$1hnge$1@news1.tnib.de> <c7674554-bbb0-cd6d-86ee-2abc5ed0e3a6@example.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 7 May 2024 19:59:23 -0000 (UTC)
Injection-Info: news1.tnib.de; posting-host="torres.zugschlus.de:81.169.166.32";
logging-data="1683692"; mail-complaints-to="abuse@tnib.de"
X-Newsreader: Forte Agent 6.00/32.1186
View all headers

D <nospam@example.net> wrote:
>Since you are the expert witness... what is the point of OpenBSD:s doas
>instead of sudo? If the two were to battle to the death with the lirpa,
>which one would win?

runas is much simpler and thus has less attack surface. Sudo has a
complex parser of a historically grown configuration file format, a
plugin interface. I'd rather not have that in a suid root binary.

When I took over sudo maintenance in Debian, I was strongly
considering to migrate my own systems to doas because of the smaller
attack surface, but than decided that I need to eat my own dog food
and stayed with sudo.

Greetings
Marc
--
----------------------------------------------------------------------------
Marc Haber | " Questions are the | Mailadresse im Header
Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

Subject: Re: Yet Another New systemd Feature
From: D
Newsgroups: comp.os.linux.misc
Organization: i2pn2 (i2pn.org)
Date: Wed, 8 May 2024 09:54 UTC
References: 1 2 3 4 5 6
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: nospam@example.net (D)
Newsgroups: comp.os.linux.misc
Subject: Re: Yet Another New systemd Feature
Date: Wed, 8 May 2024 11:54:50 +0200
Organization: i2pn2 (i2pn.org)
Message-ID: <f8207b24-ce45-99b6-7106-c0e90441b3b7@example.net>
References: <v1941f4d4m@dont-email.me> <v1a0j2eb40@dont-email.me> <v1a3cbf08a@dont-email.me> <71362256743962b72394883a66a5504a@msgid.frell.theremailer.net> <v1db91$1hnge$1@news1.tnib.de> <c7674554-bbb0-cd6d-86ee-2abc5ed0e3a6@example.net>
<v1e16r$1jc7c$1@news1.tnib.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Injection-Info: i2pn2.org;
logging-data="450695"; mail-complaints-to="usenet@i2pn2.org";
posting-account="w/4CleFT0XZ6XfSuRJzIySLIA6ECskkHxKUAYDZM66M";
X-Spam-Checker-Version: SpamAssassin 4.0.0
In-Reply-To: <v1e16r$1jc7c$1@news1.tnib.de>
View all headers

On Tue, 7 May 2024, Marc Haber wrote:

> D <nospam@example.net> wrote:
>> Since you are the expert witness... what is the point of OpenBSD:s doas
>> instead of sudo? If the two were to battle to the death with the lirpa,
>> which one would win?
>
> runas is much simpler and thus has less attack surface. Sudo has a
> complex parser of a historically grown configuration file format, a
> plugin interface. I'd rather not have that in a suid root binary.
>
> When I took over sudo maintenance in Debian, I was strongly
> considering to migrate my own systems to doas because of the smaller
> attack surface, but than decided that I need to eat my own dog food
> and stayed with sudo.
>
> Greetings
> Marc
>

Great! =) Thank you very much for the information Marc!

1

rocksolid light 0.9.8
clearnet tor