Jaromil <jaromil@???> writes:

[...]

> sup is different from doas, because doas is configured at runtime:
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.conf.5
> while sup security model is based on the fact it has its settings
> compiled in, so when one put the binary as suid, one can be sure it
> will only execute the programs it has been built for.

Random suggestion: What about supporting a compiled-in path?