This is a nice explanation of sudo and its use of the setuid bit.
It’s worth noting that the setuid-bit feature is generally considered bad these days - it’s both essentially impossible to write secure setuid programs, and it greatly complicates other security properties of the system. Ideally, usage of setuid programs such as sudo would be replaced with IPC like s6-sudod or plain old sshd, and the setuid bit can be completely removed from modern Linux distributions.
How could sshd replace usage of sudo and friends? My impression is part of the value of sudo is avoiding passing around credentials for root accounts (on top of everything else). Perhaps I’m missing some important detail there.
Though perhaps the general answer is “just don’t have sudo-using flows in your operations”, which is definitely a respectable position!
> My impression is part of the value of sudo is avoiding passing around credentials for root accounts (on top of everything else).
Plenty of ways to do that; you could configure ssh to only allow root logins from localhost; you could stick the pubkeys of users allowed to log into root in root’s authorized_keys; you could use a centralized authorization scheme like Kerberos and allow certain authenticated users to log in as root; you could do all of those combined, or other things too.
I remember at my university we used to run a local version of sudo, long before it caught up and became the standard. The code looked like the one in the blog post. There were plenty of small little utilities that elevated privileges at the time, but none got the attention that sudo got from its original author and contributors.
doas is a simplified version of sudo - and the main doas.c is 448 lines of C code.
I didn’t really understand the pedagogy here.. rewriting it in C half way? maybe better to just use C the whole time?
I suppose the intention of starting with Python was to make it more accessible to a wider audience. After that point rewriting it in C crosses the bridge towards the final paragraph which encourages the reader to read up the actual C source code of sudo.
Quite nice article.
The only ‘against’ I could have is writing the say_hello.py script in Python while the author may just have used the whoami(1) command … but maybe it has some purpose that I do not understand.
Generally I liked it.