Also for some reason this article created a 500+ comment thread on the Orange Website where boomers complain about the authors pronouns.

  • Llituro [he/him, they/them]
    ·
    2 years ago

    I genuinely can't tell if this would let you do sudo things more safely or if it's a bit.

    • eight [it/its]
      ·
      2 years ago

      it’s a bit - see author comment here

      xe seems to be laughing it up in the comments since none of the boomers managed to understand xer satrical intent

    • Llituro [he/him, they/them]
      ·
      2 years ago

      i've literally read the code and i still can't imagine this would actually work for anything if you don't even authenticate your root access. or is the bit that it's the "bottom" sudo so it just asks for access and anything you'd actually need sudo access for, to which the OS says "...no"

      • invalidusernamelol [he/him]
        ·
        edit-2
        2 years ago

        It's an incredibly secure solution to root access control. Every rejection is logged as well

        The key part is the exec call at the end. One of the interesting things about the exec-family of system calls in UNIX is that it replaces the current process if it succeeds. This means that the function will never return unless some error happened, so the exec method always returns an error. This will make error handling happen properly and if things fail the process will exit with a non-zero error code:

            Finished release [optimized] target(s) in 0.06s
             Running `target/release/🥺 ls`
        Error: Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" }
        

        Every time you run it, it spits out an error

        🥺 ls

        :bottom-speak: :speech-l:

        PermissionDenied, message: "Operation not permitted"

        :speech-r: :top-use-words:

        • dung_Eater [none/use name]
          ·
          2 years ago

          lol, this is fucking hilarious. sad that i have literally zero people in my life that would understand this

          • invalidusernamelol [he/him]
            ·
            2 years ago

            The joke is about sudo replacements being looked down on by the community, so they wrote a sudo replacement that is told "no" by the kernel.

        • frankfurt_schoolgirl [she/her]
          hexagon
          ·
          2 years ago

          That's because the binary needs the right permissions. If it was root + setuid it should work on Unix.

          • invalidusernamelol [he/him]
            ·
            2 years ago

            So building it with the right permissions would actually allow it to run as a sudo alternative?

            • frankfurt_schoolgirl [she/her]
              hexagon
              ·
              2 years ago

              Yeah it would be essentially the same as sudo with the NOPASSWD: ALL option set in /etc/sudoers

              • invalidusernamelol [he/him]
                ·
                2 years ago

                I prefer my reading of the bit because a "bottom sudo" that only ever gets denied by the kernel is funnier

      • frankfurt_schoolgirl [she/her]
        hexagon
        ·
        2 years ago

        The way privileged escalation works on Unix is that any binary owned by root with the right permission bits set can switch to root, so it would actually work if you installed it correctly. I think the bit is just that 🥺 breaks ASCII red team tooling.

    • PorkrollPosadist [he/him, they/them]
      ·
      2 years ago

      If it is not a bit and they are suggesting Rust is safer in this instance, I am going to have to roll for psychic damage. I love Rust. Rust eliminates entire categories of memory and concurrency errors. Rust does not eliminate logical errors - the kind of mistakes you are going to make in cryptography and authentication schemes. Not to mention, Rust is an absolutely obnoxious dependency to pull for a sudo replacement.

      If it's a bit, it sure made a lot of people mad, so hats off I guess.

      • Llituro [he/him, they/them]
        ·
        edit-2
        2 years ago

        yeah same. it would genuinely be quicker for me to type the program into a new cargo project with a less :bottom-speak: name to see what it does than deal with whatever fucking build system waifuctl is. i get the issues people have with sudo, but essentially none of that has to do with problems rust can solve.

        edit: just tried it, i think it literally does nothing, at least on my machine. building it myself at least. maybe there's some permissions wonkery it needs but i don't care enough to actually download this nonsense.

        • invalidusernamelol [he/him]
          ·
          2 years ago

          The bit is that it denies you root access because you're asking as a bottom.

          Also the waifuctl thing seems to just be their VM management system. You could just build it without the VM

        • alexandra_kollontai [she/her]
          ·
          2 years ago

          just tried it, i think it literally does nothing, at least on my machine. building it myself at least. maybe there’s some permissions wonkery it needs

          It needs to have the setuid bit. Programs with setuid can execute other programs as another user.