SSH as a Sudo Replacement


A major caveat of tools like sudo (and doas, for that matter) is that they rely on setuid binaries and privilege escalation in order to run commands as root. The design is not ideal, and it also drags in a few limitations:

- The whole user session needs to retain capabilities to perform privilege escalation.

A little caveat here is that socat will read all input from ssh, and then write it into the socket, effectively duplicating the overhead of the connection. The above passfd.py script is a quick hack to move the experiment forward; for daily usage it would be best to write a tiny executable that does the same thing and put it into /usr/local/bin.
