|
|
Subscribe / Log in / New account

Sudo and its alternatives

Sudo and its alternatives

Posted Feb 22, 2024 15:17 UTC (Thu) by sionescu (subscriber, #59410)
In reply to: Sudo and its alternatives by pizza
Parent article: Sudo and its alternatives

> If you're using C library bindings, then you're effectively making everything "built-in functionality" which limits you to the "language ecosystems" that can be linked into a single executable.

Yes, but in this case it's mostly the C/C++ ecosystem (or whatever can produce an ELF object).

> (And if you're going to alllow calling external binaries, then what exactly was your point about "disallowing the loading of external libraries"?)

Because the third-party libraries that would be linked into Polkit would be strictly controlled by the upstream authors of Polkit, not under the control of sysadmins, so it would be impossible to edit a Polkit rule and load arbitrary code. A very common pattern after all: define a set of core primitives that one exports into a very limited "scripting" environment, that gets interpreted and mostly allows defining some hooks.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds