Conill: Rethinking sudo with object capabilities
Ariadne Conill is exploring a capability-based approach to privilege
escalation on Linux systems.

Inspired by the object-capability model, I've been working on a
project named capsudo. Instead of
treating privilege escalation as a temporary change of identity,
capsudo reframes it as a mediated interaction with a service called
capsudod that holds specific authority, which may range
from full root privileges to a narrowly scoped set of capabilities
depending on how it is deployed.