Ariadne Conill is exploring a capability-based approach to privilege escalation on Linux systems. Inspired by the object-capability model, I've been working on a project named capsudo. Instead of treating privilege escalation as a temporary change of identity, capsudo reframes it as a mediated interaction with a service called capsudod that holds specific authority, which may range from full root privileges to a narrowly scoped set of capabilities depending on how it is deployed.
Source: https://lwn.net/Articles/1050370/
Aggregated via Linux News
Source: https://lwn.net/Articles/1050370/
Aggregated via Linux News
