> The developer talks about the weaknesses of sudo, and how it has a large possible attack surface
Poettering's hypocrisy is painful.
replies(2):
Poettering's hypocrisy is painful.
Because that's what he's complaining about
https://marc.info/?l=openbsd-misc&m=171227941117852&w=2
"Liblzma ends up dynamically linked to sshd because of a systemd-related extension added by many Linux packagers that pulls in liblzma as an unrelated dependency."
https://news.ycombinator.com/item?id=39866076
"openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma."
- Linux packagers decide to patch sshd to use libsystemd for a notification, that could have been trivially done without this library.
- libsystemd depends on libzlma
- libzlma depends on xz
And therefore, systemd is insecure?
And what does this have to do with the fact that SUID is a terrible idea that needs to go?
Second, when even the package maintainers can make such "trivial" mistakes, something is wrong. You'd expect a component such as systemd to be much more trustworthy than some random library.
I'm not arguing against systemd, just that it seems to grow and grow, and is not the correct place for security. It security is obviously broken.
It absolutely is. sudo allows you to execute code as another user. If you want to do that without giving sudo itself administrative privileges, this has to be done through the service manager, which creates a completely new, elevated process and handles communication with that. This is how it should be done (and BTW, this is pretty much how also the new sudo for Windows works). Now Lennart for some reason prefers systemd as this service manager - you might disagree with that choice, but then come up with a better one.
Well said. What makes you think systemd does not do this? Have you ever even looked at systemd in any amount of detail? Do you think it is one big binary running as PID1 doing everything?