:: Re: [DNG] sup - a "small is beautif…
Top Page
Delete this message
Reply to this message
Author: Jaromil
Date:  
To: dng
Subject: Re: [DNG] sup - a "small is beautiful" tool for UNIX privilege escalation

hi Dave and Jim and Teodoro

hope you don't mind I reply your inquiries at once

sup won't ever have a package, so I'm not worried about the namespace
at all. It does not make sense to have a sup package, is really a tool
for distro makers, people preparing containers, online services ran in
a chroot, embedded devices and such.

sup is different from doas, because doas is configured at runtime:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.conf.5
while sup security model is based on the fact it has its settings
compiled in, so when one put the binary as suid, one can be sure it
will only execute the programs it has been built for.

yes I contacted pancake but received no reply. meanwhile I really
needed sup and to apply some modifications to it (mostly fix the
LD_SO_PRELOAD vulnerability and add hashing) so rather than debate
about this I just went forward with my plans. the last update being in
2011 and the copyleft notice suggested me this won't offend anyone.
We may all agree this wonderful suckless tool deserves more lovance.

ciao