The upcoming death of setuid/setgid on Linux

[hedwards]

What comes next? /etc/oshadow to store the "other" password?

Isn't that what the "any key" is for?

Group passwords are really neat.

Before rootless Docker became possible on Linux, you had 2 options: either run docker through sudo or assign yourself to the docker group, which is dangerous.

I chose a 3rd option that they adopted in their documentation: https://github.com/moby/mobOr, just y/issues/25299

The combination of sg (the equivalent of su for groups) with newgrp is really nice. On Linux you can use it when you need temporary access to a privileged group. I wish FreeBSD adopted the equivalent of gshadow.

Temporary permissions make me rather uncomfortable as they tend to become permanent permissions if not set up correctly. It's just wishful thinking in my view. Perhaps if I look into it more thoroughly it's less of a security nightmare than sudo is, but I dunno.

But, given that I wouldn't be the one writing the code for this, it may or may not actually happen ever, I just don't see a need for this that's worth the inherent security problems that come of temporary privileges.

 

[rbranco]

Isn't that what the "any key" is for?

Temporary permissions make me rather uncomfortable as they tend to become permanent permissions if not set up correctly. It's just wishful thinking in my view. Perhaps if I look into it more thoroughly it's less of a security nightmare than sudo is, but I dunno.

But, given that I wouldn't be the one writing the code for this, it may or may not actually happen ever, I just don't see a need for this that's worth the inherent security problems that come of temporary privileges.

And that's why it makes sense that newgrp has setuid turned off in FreeBSD. OpenBSD lacks the command. Only in NetBSD is setuid but any user could read the hashed group password in /etc/group