On Thu, Mar 17, 2016 at 09:29:56PM +0100, Jaromil wrote:
>
> sup is different from doas, because doas is configured at runtime:
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/doas.conf.5
> while sup security model is based on the fact it has its settings
> compiled in, so when one put the binary as suid, one can be sure it
> will only execute the programs it has been built for.
It has never been clear to me why a compiled-in configuration is more
secure than a hand-edited run-time configiration file.
It is surely as easy to emplace a mmalicious executable as a
malicious configuration file. And the damaged configuration file is at
least auditable -- just look it over with less.
-- hendrik