🥺: the best sudo replacement

frankfurt_schoolgirl [she/her] · 2 years ago

🥺: the best sudo replacement

invalidusernamelol [he/him] · edit-2 2 years ago

It's an incredibly secure solution to root access control. Every rejection is logged as well

The key part is the exec call at the end. One of the interesting things about the exec-family of system calls in UNIX is that it replaces the current process if it succeeds. This means that the function will never return unless some error happened, so the exec method always returns an error. This will make error handling happen properly and if things fail the process will exit with a non-zero error code:

    Finished release [optimized] target(s) in 0.06s
     Running `target/release/🥺 ls`
Error: Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" }

Every time you run it, it spits out an error

🥺 ls

:bottom-speak: :speech-l:

PermissionDenied, message: "Operation not permitted"

:speech-r: :top-use-words:

dung_Eater [none/use name] · 2 years ago

lol, this is fucking hilarious. sad that i have literally zero people in my life that would understand this

invalidusernamelol [he/him] · 2 years ago

The joke is about sudo replacements being looked down on by the community, so they wrote a sudo replacement that is told "no" by the kernel.

frankfurt_schoolgirl [she/her] · 2 years ago

That's because the binary needs the right permissions. If it was root + setuid it should work on Unix.

invalidusernamelol [he/him] · 2 years ago

So building it with the right permissions would actually allow it to run as a sudo alternative?

frankfurt_schoolgirl [she/her] · 2 years ago

Yeah it would be essentially the same as sudo with the NOPASSWD: ALL option set in /etc/sudoers

invalidusernamelol [he/him] · 2 years ago

I prefer my reading of the bit because a "bottom sudo" that only ever gets denied by the kernel is funnier