466 points CoolCold | 4 comments
1. gnufx ◴[] No.40215962[source]
"In fact, if factotum were implemented on Unix along with an analogue to the Plan 9 capability device, venerable programs like su and login would no longer need to be installed 'setuid root.'" — https://plan9.io/sys/doc/auth.html
replies(1): >>40220059 #
2. opless ◴[] No.40220059[source]
Plan9port has factotum.

Plan9 has a completely different security model.

The Hostowner (usually Glenda) is essentially "root" and you're at the mercy of the filesystem regarding file privileges etc.

AFAIK there is no way to "become" glenda.

replies(2): >>40220096 #>>40229203 #
3. opless ◴[] No.40220096[source]
In fact, according to sys/src/cmd/auth/login.c it looks like once you've logged in, you can shut the door using the capability device, so then it's game over, no more hostowner for you.
4. gnufx ◴[] No.40229203[source]
I haven't followed Plan 9 for ages, but I'm puzzled why Cox & co wrote "Plan 9", then. However, the point was more about the capability-oriented security in a Unix successor, and how you can use file handles as a sort of capability without the global namespace. (They're often quoted as examples of capabilities in POSIX, but that's ignoring the global namespace.)