[HN Gopher] : the best sudo replacement
___________________________________________________________________
: the best sudo replacement
Author : Tomte
Score : 103 points
Date : 2023-01-20 15:14 UTC (7 hours ago)
(HTM) web link (xeiaso.net)
(TXT) w3m dump (xeiaso.net)
| nwah1 wrote:
| I didn't know that you could use emojis in URLs. Neat.
| xena wrote:
| The actual title is supposed to be ": the best sudo replacement",
| but I'm not surprised that Hacker News stripped the emoji.
| dang wrote:
| I've put it back for you.
|
| HN is plain-text-obsessive by design but occasional exceptions
| make life interesting.
| xena wrote:
| Thanks!
| [deleted]
| [deleted]
| chungy wrote:
| Emoji are text!
| dang wrote:
| Ok, edited for you above: plain-text-
| obsessive ^^^^^^
| chungy wrote:
| Well, now we're gonna get nitpicky :) Unicode is plain
| text, therefore emoji are in the set qualified as "plain
| text." "ASCII text" may be more accurate.
| pxc wrote:
| Reread your comment. Foiled again!
| 2h wrote:
| test:
|
| : the best sudo replacement
| UI_at_80x24 wrote:
| I know I'm an old fart but this is yet another reason why I don't
| want my servers supporting UTF-8.
|
| LC_ALL=C
|
| It's important and NECESSARY to be inclusive, and as long as
| nginx can still provide the UTF-8 characters I don't care; but
| there is no way I can allow anything other than US ASCII to be on
| the terminal.
| untech wrote:
| How would you read git log output with non-ascii author names
| then?
| deathanatos wrote:
| That actually didn't work not too long ago. I don't remember
| if it was git or less, but "unicode" characters it would end
| up getting reified as, e.g., "<U+1234>", as I recall.
|
| Thankfully it got fixed at some point.
| chungy wrote:
| Unfortunately, the C locale will not achieve your goal: UTF-8
| will be merely a subset of what you support, rather than
| getting rid of it.
| [deleted]
| tmdh wrote:
| Wait? it doesn't make any sense. So any userspace program can
| call `setuid(0)` and `execv()`? Why is there sudo in the first
| place? I am not getting it.
| upon_drumhead wrote:
| Any userspace can call it, but unless you have the SUID bit set
| on the binary and have it owned by root, it won't really do
| much.
| derefr wrote:
| Presuming charitably that you mean the more interesting
| question of "why is this a program rather than a thing other
| programs do internally when they realize they need elevation":
| well, two reasons:
|
| 1. any program can call fopen(2) and fwrite(2), and yet cat(1)
| exists. Unix plumbing is mostly there for cases where you're
| linking programs together in ways those programs _didn't_
| expect.
|
| 2. Privilege separation. You don't want big, complex programs
| running as root. You want big, complex programs running as your
| user, speaking to tiny little well-hardened programs running as
| root over a pipe, where the tiny-little program can only do one
| thing.
|
| For example, you might have seen the pattern of piping things
| into `sudo tee [file owned by root]` in order to be able to
| write to a file that's owned by root. This fits both of the
| above considerations: moving the privilege into "tee" rather
| than having whatever command is generating the text, exposes
| less of a vulnerability surface; and also, it's `sudo tee`
| rather than tee(1) itself performing elevation, because tee(1)
| itself was written a decade or two before this pattern emerged,
| and so has no idea it could be used this way.
| js2 wrote:
| The program needs to have the setuid bits set on its inode
| (chmod u+s), and be owned by root.
|
| https://en.wikipedia.org/wiki/Setuid
|
| Sudo exists as an elaborate ACL scheme implemented in user-
| space which takes advantage of the setuid+root permission
| scheme implemented in the Unix kernel to allow granularly
| granting root access to non-root users.
|
| But any program can be setuid and/or setgid to any user/group
| and it will then run as that effective user/group by any user
| with permission to execute that program.
|
| There are a handful of programs that are setuid root because they
| need to do things like open raw sockets that non-root users
| can't do, ping being the canonical example. Finding buffer
| overflows in these programs has been a source of privilege
| escalation security bugs.
| mcpherrinm wrote:
| Fortunately these days programs like ping can use more
| focused alternatives to setuid, like CAP_NET_RAW, to greatly
| reduce attack surface.
|
| But also we've largely given up on Unix users as a security
| barrier in many places, instead using things like VMs as the
| interface between different tenants in hosting providers and
| clouds and such. The age of untrusted shell accounts on shared
| Unix servers is ending, if not over already. Passwordless
| sudo on a cloud VM is probably the norm now.
| tmdh wrote:
| Understood. Thanks.
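
Added example, not part of any comment above and not the article's code: the condition upon_drumhead and js2 describe (setuid bit set on the inode, file owned by root) written as a small C audit of one directory. The enum names, the extra `nosuid` mount check and the `/usr/bin` default are assumptions of this sketch.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

enum suid_class {
    SUID_NONE,        /* no usable setuid bit: runs as the caller */
    SUID_OTHER_USER,  /* setuid, owner is not root: runs as that owner */
    SUID_ROOT_INERT,  /* setuid root, but the filesystem is mounted nosuid */
    SUID_ROOT_LIVE    /* setuid root and honoured: runs with euid 0 */
};

/* Pure check over the inode fields that decide the effective uid at exec. */
enum suid_class classify_suid(mode_t mode, uid_t owner, int nosuid_mount)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID))
        return SUID_NONE;
    if (!(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return SUID_NONE;               /* nobody can execute it */
    if (owner != 0)
        return SUID_OTHER_USER;
    return nosuid_mount ? SUID_ROOT_INERT : SUID_ROOT_LIVE;
}

/* Classify one path; lstat() so a symlink is never followed. */
int classify_path(const char *path, enum suid_class *out)
{
    struct stat st;
    struct statvfs vfs;
    if (lstat(path, &st) != 0) return -1;
    *out = SUID_NONE;
    if (!S_ISREG(st.st_mode)) return 0;
    if (statvfs(path, &vfs) != 0)
        return -1;
    *out = classify_suid(st.st_mode, st.st_uid, (vfs.f_flag & ST_NOSUID) != 0);
    return 0;
}

/* Print and count live setuid-root files directly inside dir (-1 on error). */
int audit_dir(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int live = 0;
    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[PATH_MAX];
        enum suid_class c;
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path)
            continue;
        if (classify_path(path, &c) == 0 && c == SUID_ROOT_LIVE) {
            printf("setuid-root: %s\n", path);
            live++;
        }
    }
    closedir(d);
    return live;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/usr/bin";  /* assumed default */
    int n = audit_dir(dir);
    printf("%d live setuid-root file(s) in %s\n", n, dir);
    return n < 0;
}
```

Files that gain privilege through file capabilities such as the CAP_NET_RAW case mcpherrinm mentions do not carry the setuid bit, so this check does not list them.
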
| dokem wrote:
| NSFW. Also, interacting with it requires a homework assignment.
| phnofive wrote:
| What?
| dokem wrote:
| [dead]
| xena wrote:
| Author of the article here. What?
| upon_drumhead wrote:
| [flagged]
| detaro wrote:
| I think you should be more concerned that you can't identify an
| obvious shitpost if you see one.
| Volundr wrote:
| I'm pretty sure the (as far as I can tell) was about not
| intending to rewrite in rust.
|
| > (as far as I can tell) have no intention of rewriting it in
| Rust,
| upon_drumhead wrote:
| Ahh, yes, you're right. That part is certainly my
| misunderstanding.
| mrwnmonm wrote:
| Wait, HN renders emojis?
| [deleted]
| dang wrote:
| It doesn't except for a 10-second window today.
| https://news.ycombinator.com/item?id=34460417
| sph wrote:
| I swear I saw a heart emoji a few months ago in a comment at
| the bottom of a long thread. Not sure if it was a bug, an
| easter egg, or maybe a figment of my imagination.
|
| Also I wonder if you have a secret dashboard full of buttons
| to control this website, and now there's a _"Enable emojis
| for 10 seconds"_ button, next to _"Subtract 1 karma to
| anyone with a custom topcolor"_ and _"Promote a random Lisp
| post to the front page"_
| dhosek wrote:
| It might have been a rendering of U+2661 or U+2665 or
| U+2764 (this last one does get stripped by HN) which are
| not emoji but may be rendered as such by the browser.
| SLWW wrote:
| That does keep things interesting (as long as it's not super
| common) though I do wonder how it looked previously (did it
| just strip the emoji or is there like a ":pwease:" dropped
| in?)
| chungy wrote:
| Technically speaking, no, HN doesn't render any titles. Your
| browser is displaying U+1F97A, which is sent over-the-wire as
| the bytes \xF0\x9F\xA5\xBA (UTF-8 encoding).
| [deleted]
| deathanatos wrote:
| By "render" they probably meant "didn't strip"; HN will strip
| emoji from comments/titles, generally.
|
| E.g., the emoji of the article: "" but I suspect there won't
| be anything between the quotes.
|
| (An exception was made for the title, in this case; dang
| mentions that in a comment in the comments here.)
| readthenotes1 wrote:
| I have more trouble interpreting emojis than I do emotions. God
| help me.
| gnicholas wrote:
| I end up hovering a lot on slack to find out the translation.
| And thankfully Siri reads them out loud to me when I have my
| airpods in.
| phoe-krk wrote:
| _> I wonder how many people's RSS/JSONFeed readers we broke with
| the title..._
|
| Well played.
| xena wrote:
| The ironic part is that I didn't break any RSS readers! I broke
| URL parsers in chat apps, scp, and for command line arguments
| to `tailscale serve`.
| dhosek wrote:
| I have a poem that I published which has a Japanese title
| (Bao Shi noShi Zi Jia ). The journal that published it put
| that in the URL: https://www.invisiblecitylit.com/poetry/Bao
| Shi noShi Zi Jia / and not surprisingly, many URL parsers
| don't like the Japanese text.1 I really need to get around to
| changing the link that I have in my publications list to use
| the URL encoded version of the title so that it's easier to
| share on systems that don't like the Japanese there.
|
| 1. Although, if I remember correctly, URLs are not supposed
| to have characters outside of ASCII 33-126 in them (and some
| of those within the range are also disallowed), although as
| the link to my poem shows, those restrictions aren't always
| enforced.
| recuter wrote:
| Boy do I have news for you:
|
| https://en.wikipedia.org/wiki/Internationalized_domain_name
|
| https://en.wikipedia.org/wiki/Country_code_top-level_domain#...
|
| Pretty soon you'll be able to do this instead:
|
| https://www. Bao Shi noShi Zi Jia
| .jp/poetry/invisiblecitylit
|
| (https://www.xn--u9j516hprf6h574cs4w.jp/poetry/invisiblecityl...)
|
| Is that... good? ¯\_(ツ)_/¯
| RealStickman_ wrote:
| Emoji domain names exist, so I'm pretty sure you can put
| anything you want in your URL. Displaying the URL might
| differ though.
|
| https://xn--i-7iq.ws/
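
Added example, not part of any comment above: the UTF-8 byte sequence chungy gives for U+1F97A and the "URL encoded version" dhosek mentions are the same data at two layers, shown here as a UTF-8 encoder followed by percent-encoding with the RFC 3986 unreserved set. The function names and the `/blog/` path are constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode one Unicode scalar value as UTF-8; returns byte count, 0 if invalid. */
size_t utf8_encode(uint32_t cp, unsigned char out[4])
{
    if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
        return 0;                       /* out of range or UTF-16 surrogate */
    if (cp < 0x80) { out[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800) {
        out[0] = (unsigned char)(0xC0 | (cp >> 6));
        out[1] = (unsigned char)(0x80 | (cp & 0x3F));
        return 2;
    }
    if (cp < 0x10000) {
        out[0] = (unsigned char)(0xE0 | (cp >> 12));
        out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (unsigned char)(0x80 | (cp & 0x3F));
        return 3;
    }
    out[0] = (unsigned char)(0xF0 | (cp >> 18));
    out[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[3] = (unsigned char)(0x80 | (cp & 0x3F));
    return 4;
}

/* RFC 3986 "unreserved" characters, plus '/' so path separators survive. */
static int keep_literal(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.' ||
           c == '_' || c == '~' || c == '/';
}

/* Percent-encode a UTF-8 path into out (capacity cap, NUL included).
 * Returns the encoded length, or (size_t)-1 if out is too small. */
size_t percent_encode_path(const char *path, char *out, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    if (cap == 0)
        return (size_t)-1;
    for (const unsigned char *p = (const unsigned char *)path; *p; p++) {
        size_t need = keep_literal(*p) ? 1 : 3;
        if (n + need + 1 > cap)
            return (size_t)-1;          /* refuse to truncate a URL */
        if (need == 1) {
            out[n++] = (char)*p;
            continue;
        }
        out[n++] = '%';
        out[n++] = hex[*p >> 4];
        out[n++] = hex[*p & 0x0F];
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char url[64];
    /* Constructed path ending in the UTF-8 bytes of U+1F97A. */
    if (percent_encode_path("/blog/\xF0\x9F\xA5\xBA", url, sizeof url) != (size_t)-1)
        puts(url);
    return 0;
}
```
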
| jareklupinski wrote:
| my favorite way to plumb an old / unmaintained program or
| workflow is to put some emoji in as an input parameter, and see
| where the logs start exploding
| CameronNemo wrote:
| For some more serious alternatives, I have heard of many people
| finding doas to be a drop in replacement. Furthermore, I've heard
| some people suggest neither doas nor sudo, but instead using an
| SSH server to gain root access to your local machine. It could
| listen on localhost and use key-based auth to allow root
| logins...
| augusto-moura wrote:
| I did use ssh on localhost to do some X11 trickery once. It
| works surprisingly well
| AtlasBarfed wrote:
| Except the enterprise security industry is waging war on ssh
| keys and ssh/sshd.
| themikesanto wrote:
| Interesting. Could you expand on that, or point me towards
| some related reading? Thanks!
| arp242 wrote:
| What's wrong with ssh keys?
| mid-kid wrote:
| Using key-based auth without encrypting the key with a password
| sounds like a bad idea, as then any program running on the host
| can trivially gain root privileges.
| zamadatix wrote:
| I used the SSH server method for a while on a Windows machine
| since its built-in Terminal doesn't support mixed security
| contexts between tabs/panes.
| mcculley wrote:
| The first time I saw perfectly valid Unicode take down an RSS
| reader (in ~2003), it was an ü that did it. I have taken to
| calling that the kaboomlaut in unit tests.
| eliaspro wrote:
| I replaced "sudo" in all my systems a long time ago with an alias
| to "machinectl shell .host" which is IMHO far superior to it, as
| it doesn't just spawn a new shell as a privileged process, but
| instead initializes a full user-session and then spawns a shell
| in this user-session.
|
| This doesn't carry the risk of tainting the new session with the
| context of the initiating shell (pwd, env, ...) and doesn't only
| feel like a full login, but actually provides everything that's
| part of a login session (systemd and DBus user-sessions, shared
| session context with other shells of the same user, etc).
| mid-kid wrote:
| Sudo's -i option is able to provide you with a shell in the
| same state that it'd be if it were a fresh login. I've burned
| this into my fingers a long time ago. Also, in most
| configurations you have to specifically whitelist environment
| variables for them to survive a "sudo" call.
| sph wrote:
| Is there another way of opening a root shell other than "sudo
| -i"? That's what I've been using for a decade. How do other
| people do it?
| warinukraine wrote:
| [flagged]
| seanw444 wrote:
| Yeah there is a lot of overlap between overused anime imagery,
| and hackers. It's certainly strange.
| warinukraine wrote:
| [flagged]
| thendrill wrote:
| [flagged]
| xena wrote:
| Thank you for your feedback. I will increase the thing.
| dang wrote:
| We've banned this account for posting flamebait and
| unsubstantive comments and generally breaking the site
| guidelines a lot.
|
| Please don't create accounts to do that with; it will
| eventually get your main account banned as well.
|
| https://news.ycombinator.com/newsguidelines.html
| warinukraine wrote:
| [dead]
| actinium226 wrote:
| This website is so weird. I come expecting to see something about
| sudo, and there's this giant anime image, the title is not
| particularly visible, the first element on the page is talking
| about pronouns, and then it's a dialog about unicode.
|
| Bounce.
| NotYourLawyer wrote:
| Good Lord, what is this bullshit website? I don't care about the
| furry shit, tell me about sudo.
| warent wrote:
| For anyone wondering, this is basically a young millennial / gen
| z meme. The emoji is usually pronounced "pwease", as in a
| childlike pronunciation of "please"
|
| Therefore the command is basically just asking very nicely,
| hoping to get one's way
|
| edit. source: dude just trust me
| UI_at_80x24 wrote:
| I appreciate you 'describing' the emoji for me.
|
| I'm on the spectrum, and I can't tell 99% of these things
| apart. Looks like a sad face to me. no different than the 500
| other sad face emojis I find. I'll stick with =(
| bitwize wrote:
| It's U+1F97A, FACE WITH PLEADING EYES.
| yamtaddle wrote:
| > I'm on the spectrum, and I can't tell 99% of these things
| apart
|
| If it's any consolation, I'm not, and I don't know _exactly_
| what a lot of the face-emojis are supposed to be expressing
| unless I see a text representation of them or otherwise have
| them explained.
| marvin wrote:
| There should be a quick-reference lexicon for these things
| iforgotpassword wrote:
| Wait what, this is some kind of emoji/face? It shows up as a
| grey solid box that is slightly wider than tall for me, so
| not even the typical "glyph missing" thing...
|
| Edit: ok apparently this is indeed the placeholder for
| missing emoji in Firefox for Android at least.
| wlesieutre wrote:
| This one: https://emojipedia.org/pleading-face/
| [deleted]
| tablespoon wrote:
| > I'm on the spectrum, and I can't tell 99% of these things
| apart. Looks like a sad face to me. no different than the 500
| other sad face emojis I find. I'll stick with =(
|
| If it's any consolation, I don't think anyone could infer
| that from the emoji itself. The meaning is like a
| subculture's slang.
|
| I don't use emojis, so I only know the very basic ones (which
| I consider to be obfuscated emoticons).
| sph wrote:
| Am I the only one that can read faces in here?
|
| It is pretty obvious that it is a face doing the sad puppy
| eyes, like the one a young niece might do after I refuse to
| buy her some ice cream. I didn't even know it's meant to be
| underground, impenetrable slang.
| [deleted]
| TheCondor wrote:
| I don't know if it's ironic or not but there is also a sudo
| replacement in Rust that is called "please"
|
| https://gitlab.com/edneville/please
| chungy wrote:
| Thanks for the explanation. Emoji to me might as well be
| Chinese characters. It's just a "thing" I can't read.
| tux3 wrote:
| Alternatively, a good chunk of my twitter feed would call this
| the bottom emoji, without attempting to give it a
| pronunciation. I don't think any particular pronunciation has
| consensus, but various groups of people imbue it different
| meanings.
| nerdponx wrote:
| Does "bottom" mean what I think it means?
| Shared404 wrote:
| You're not wrong, at least based on the demographics I've
| seen.
|
| But I bet if you said "pwease emoji" or "bottom emoji", much
| of the same group would probably get it.
|
| Though maybe "pwease" would this and the fingers.
| marvin wrote:
| I reckon a bottom saying «pwease» would also get their
| point across.
| xena wrote:
| This tool canonically has no pronunciation and any attempt to
| give it one is non-canon. It is a child of the Internet.
| LesZedCB wrote:
| tell that to the gif guy
| [deleted]
| avgcorrection wrote:
| The meaning can also be inferred from... the face.
| yamtaddle wrote:
| Judging just from that, I'd have taken the meaning as "verge
| of crying" or "my pet just unexpectedly died"
|
| Until I read that comment I was having real trouble figuring
| out WTF it had to do with running commands. I thought it
| might be some practical joke tool that automatically modifies
| your commands such that they'll make you sad when they run.
| avgcorrection wrote:
| Google "puppy dog eyes".
|
| Don't get why we have to bust out all the _cringe_ internet
| lingo to describe something that you see in that venerable
| "real world".
| [deleted]
| yamtaddle wrote:
| It doesn't read that way to me. Maybe it's an emoji-font
| difference (I'm on Mac).
|
| [EDIT] I mean I see it once someone points it out, but
| that'd have been lucky to make my top-5 guesses
| otherwise.
| chungy wrote:
| If I zoom in, maybe. At default text sizes, it's
| indistinguishable from all other emoji faces for me.
| [deleted]
| bee_rider wrote:
| I mean clearly this is all quite tongue in cheek but:
|
| > It's also debatable if the entire concept of privilege
| separation as implemented in Linux and UNIX was a bad idea to
| begin with but we're stuck with it because of an endless ball of
| _legacy programs controlled by egotistical open source people
| that refuse to change_ [...]
|
| Not a very charitable way to describe volunteers who don't want
| to learn the flavor-of-the-month language to reimplement their
| old projects. Maybe if there were some folks who knew rust and
| were interested in doing this kind of work it would get done.
| brundolf wrote:
| It wasn't very charitable, but neither is the "flavor-of-the-
| month language" dig
| tristor wrote:
| Honestly, I don't think you should take anything the author of
| this wrote seriously, the most charitable interpretation is
| that most of their work is a form of satire.
| xena wrote:
| Speaking as the author of the work, most of _this post_ is
| satire meant to make you think about the existing security
| boundaries involved in privilege escalation. It is a false
| problem. The part about being annoyed that sudo is still
| written in C is coming from a sense of exasperation that
| there's still more predictable memory safety bugs involved
| with sudo because it's still written in C. The comment about
| python-cryptography failing to move to Rust because of random
| Gentoo uses holding it back was from a sense of exasperation
| that we can't have "nice things". I'm tired of having to
| emergency patch everything because we as an industry can't
| make our fundamental security tools _measurably safer_ with
| languages like Rust.
|
| I am a lot more serious in my other posts (such as this one:
| https://xeiaso.net/blog/2022-media or this one:
| https://xeiaso.net/blog/hlang-nguh), but sometimes I have to
| write satirical things otherwise people won't get the point.
|
| Believe what you want though.
| hot_gril wrote:
| I feel that where I work. I'm outnumbered in wanting to
| write web servers with high-level, non-performance-
| sensitive business logic in something other than C++. We
| keep having memory safety problems, but more importantly,
| it's really slow to develop this way and doesn't match the
| skillset we're hiring. However, these people are being
| paid.
|
| The common reason our most senior engineers tell me isn't
| even that it's too late to switch, it's that "C++ is
| perfectly fine as long as you use it right" and "it doesn't
| matter what the outside world uses" and "performance."
| archgoon wrote:
| [dead]
| ilyt wrote:
| Bitching about unpaid volunteers not wanting to rewrite
| their stuff is not satire, it's just being an asshole.
| Especially since the same thing has been said about sudo 100
| times before.
|
| Sit the fuck down and write _rudo_ with the features people
| use (and it is very much a "people use 20% of its features
| but it is a different 20% depending on user" case) or stop
| whining.
| hot_gril wrote:
| Bro chill
| adenozine wrote:
| Rust? Well, speaking of egotistical open source people that
| refuse to change...
| hot_gril wrote:
| Heh. I get what you're saying, but I feel that vibe more from
| Golang than from Rust.
| lilyball wrote:
| The quoted paragraph has nothing to do with language choice.
| bee_rider wrote:
| They didn't write in paragraphs, it is more like a collection
| of IRC posts or something. Here's the whole post thingy:
|
| > God I wish they did. They wrote the program in C, (as far
| as I can tell) have no intention of rewriting it in Rust, and
| it's had many viable attacks over the years that allowed
| attackers to gain root privileges and worse. It's also
| debatable if the entire concept of privilege separation as
| implemented in Linux and UNIX was a bad idea to begin with
| but we're stuck with it because of an endless ball of legacy
| programs controlled by egotistical open source people that
| refuse to change because then obscure targets that nobody
| uses won't be able to leech off of the rest of the ecosystem
| by holding back any chance to let us have a modicum of nice
| things.
|
| So, I guess fair enough. I will expand it slightly to say: it
| is an uncharitable way of describing volunteers who don't
| feel like learning a new language and reimplementing their
| old projects while also overturning a huge ecosystem of
| software.
| chaxor wrote:
| It's obviously a (failed) attempt to be funny by being very
| sarcastic. No one is stupid enough to think that writing it
| in Rust was even an option in the days unix was written -
| especially considering the types of people that would know
| how to write C and Rust for kernels.
| mid-kid wrote:
| The paragraph quoted is about the language choice, too, just
| that part was snipped off because it's long. It's one ball of
| a paragraph that goes in all directions, citing debian and
| gentoo's troubles with rust support[1] and calling them
| leeches for wanting to support obscure architectures. Not a
| fun read.
|
| [1]: https://lwn.net/Articles/845535/
| chrisweekly wrote:
| reminds me of a colleague some years ago who often put emoji in
| his git commit messages.
| [deleted]
| gumby wrote:
| Typing emoji is a pain, but the chat suggests that that might be
| an advantage:
|
| > Using this program requires you to be able to type an emoji.
| Most attack code is of such poor quality that they are unable to
| run commands named with emoji.
| yjftsjthsd-h wrote:
| > They wrote the program in C
|
| They wrote it in 1980 for unix; what exactly would you like them
| to have used?
|
| > (as far as I can tell) have no intention of rewriting it in
| Rust
|
| Since it will be less than a paragraph before you start ranting
| about how "obscure targets that nobody uses won't be able to
| leech off of the rest of the ecosystem by holding back any chance
| to let us have a modicum of nice things", I trust you, who would
| surely never be a "leech", have written an actual replacement or
| submitted patches to start improving the situation? Or perhaps
| are funding such efforts?
| xena wrote:
| I did write an actual replacement. It's what TFA is about :)
| yjftsjthsd-h wrote:
| > I did write an actual replacement. It's what TFA is about
| :)
|
| That is obviously not a replacement; either we take the
| serious approach of "sudo allows only authorized users to run
| things as root" and yours doesn't control access, or we take
| the nonserious approach of "sudo has so many bugs that it
| just gives people access" in which case we hardly need to
| bother rewriting it.
| recuter wrote:
| Yesn't.
___________________________________________________________________
(page generated 2023-01-20 23:00 UTC)