1. Forum
  2. NIXNet
  3. NIX_AUTO

  • Conill: Rethinking sudo with object capabilities

    From LWN.net@86:200/23 to All on Sun Dec 14 06:40:07 2025
    Ariadne Conill is
    exploring a capability-based approach to privilege escalation on Linux
    systems.

    Inspired by the object-capability model, I've been working on a
    project named capsudo. Instead of
    treating privilege escalation as a temporary change of identity,
    capsudo reframes it as a mediated interaction with a service called
    capsudod that holds specific authority, which may range
    from full root privileges to a narrowly scoped set of capabilities
    depending on how it is deployed.

    https://lwn.net/Articles/1050370/
    --- SBBSecho 3.32-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)