this post was submitted on 23 Jun 2024
79 points (91.6% liked)

Linux

48129 readers
430 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
all 19 comments
sorted by: hot top controversial new old
[–] [email protected] 26 points 4 months ago* (last edited 4 months ago)

Seems novel. But from a security aspect, if OpenSSH has security vulnerability that allows an unauthenticated user to login, via whatever means, once you are in the system as a non-privileged user, you are now free to use the same vulnerability to get root.

Basically this exercise is like using two locks that have the same key to open them. If the same key opens them, then a weakness in one, is now a weakness in the other so why bother with two identical locks?

[–] [email protected] 79 points 4 months ago (3 children)

......I feel like openssh has a much larger attack surface than a simple binary.

If you're going to this extent already, you may as well jump on the run0 approach systemd is introducing.

oh no, I can hear rumbling

[–] [email protected] -3 points 4 months ago

alias run0=sudo

(not really; I'd rather not introduce an alias or any sort of symbolic behaviour that would teach me to expect that systemd crap is available on a system. The less you rely on it, the better)

[–] [email protected] 12 points 4 months ago

…I feel like openssh has a much larger attack surface than a simple binary.

Right. This is just trading one set of security pitfalls with a second, much worse set of security pitfalls.