From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christopher Allan Webber Subject: Re: Providing an alternative to setuid in GuixSD Date: Wed, 26 Oct 2016 12:52:31 -0500 Message-ID: <87zilr6lr4.fsf@dustycloud.org> References: <87funnhz7h.fsf@catern.com> <878ttbti19.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:36729) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bzSNN-0008Ah-JH for guix-devel@gnu.org; Wed, 26 Oct 2016 13:52:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bzSNM-0001av-No for guix-devel@gnu.org; Wed, 26 Oct 2016 13:52:33 -0400 In-reply-to: <878ttbti19.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org, sbaugh@catern.com Ludovic Court=C3=A8s writes: > SSH is a complex protocol and its implementations are complex too. I > would find it unreasonable to replace =E2=80=98su=E2=80=99 and =E2=80=98= sudo=E2=80=99 with something > this complex, that goes through the TCP/IP stack, etc. I agree. We could maybe have a pseudo-sudo service that is built just for this purpose though... let's call it "psudo". ;) Thinking out loud: So, you're running psudo, and this thing maybe accepts connections over something more secure, *maybe* unix domain sockets... so restrict group access to the socket to users in the "psudo" group. >From there, maybe it could require PAM authentication while entering the root password, or something. It feels hard to know how psudo could "know" what user is accessing the socket... I don't think that information is made available, right? Maybe I'm wrong! I guess postgres and etc do similar things? Fun idea to think about anyway :)