Article 7254P Conill: Rethinking sudo with object capabilities

by corbet from LWN.net on (#7254P)
Ariadne Conill is exploring a capability-based approach to privilege escalation on Linux systems.

Inspired by the object-capability model, I've been working on a project named capsudo. Instead of treating privilege escalation as a temporary change of identity, capsudo reframes it as a mediated interaction with a service called capsudod that holds specific authority, which may range from full root privileges to a narrowly scoped set of capabilities depending on how it is deployed.