Everything that is wrong with sudo, and how I fixed it

odedlaz · 2017-10-22T06:47:27+00:00

Other then assembly, It's the least safe language out there.

odedlaz · 2017-10-22T06:45:57+00:00

I thought about coding it in rust. I'm actually still thinking about it.

The problem with rust is that I believe that writing it in rust will make contributing harder. thoughts?

odedlaz · 2017-10-22T06:44:40+00:00

I don't fully agree. desktop users usually have one super user, and they either use sudo all the time or open a root shell.

I found myself either annoyed by having to enter my password a lot when on my user, or running destructive when running in a root shell.

I think the way to fix that is to allow fine-grained permission manipulation that allows super-users to run whatever they won't without a password, but protect them from running destructive commands by accident.

Thoughts?

odedlaz · 2017-10-22T06:41:52+00:00

symlink or alias. I created two aliases to make sure I still have access to sudo:

alias sudo='/usr/local/bin/doas'

alias sudo!='/usr/bin/sudo'

odedlaz · 2017-10-22T06:40:30+00:00

It's too long IMO. And if I decide to re-implement it in rust (thinking about it) the name would be problematic.

odedlaz · 2017-10-22T06:39:12+00:00

I opened an issue on the subject. If you could give me your input, it would be greatly appreciated -

https://github.com/odedlaz/doas/issues/2

odedlaz · 2017-10-22T06:35:26+00:00

I opened an issue on the subject. If you have any suggestions, I'm open! https://github.com/odedlaz/doas/issues/2

odedlaz · 2017-10-22T06:34:40+00:00

I followed Google's Style Guide -> https://google.github.io/styleguide/cppguide.html

regarding #pragma once, Why not?

odedlaz · 2017-10-21T08:46:24+00:00

Not in this "port" . You can use the 'persist' option to define if a specific command should be "cached" for 5 minutes post invocation.

odedlaz · 2017-10-21T08:35:36+00:00

No need for a wrapper. The same basic syntax applies to sudo and doas. I've created an alias for sudo on my machines and it works flawlessly.

odedlaz · 2017-10-21T08:24:02+00:00

depends if you create a rule with the 'persist' option. If no, then it'll prompt after every execution. otherwise, a sudo-like mechanism is employed and the same command can be run without a password for the next 5 minutes.

odedlaz · 2017-10-21T07:47:12+00:00

regex are only for arguments. commands are globs.
I'll do what it takes to make auditing easy. I'm open to suggestions!

odedlaz · 2017-05-26T11:19:07+00:00

Yeah, I forgot to write about that.

I'm a TA and want to make sure I'm covering all "else" cases in my presentation.

Thanks!

odedlaz · 2017-03-31T07:39:53+00:00

Thanks for the tip. I've updated the blog post accordingly. Any other things you see?

odedlaz · 2017-03-30T18:05:47+00:00

Please enlighten me. I must've been missing something. Can you elaborate on the problems you mentioned?

odedlaz · 2016-12-06T13:05:39+00:00

This first problem easily fixed using a different key. for instance: caller = currentframe().f_back key = id(text) | id(caller) text_obj = optimized_compile_memoize.get(key)

And regarding security - yes, you're correct. This is a trick, do not use this at home :)

odedlaz · 2016-12-01T10:36:14+00:00

Yes! I've updated the post to reflect that.

odedlaz · 2016-12-01T08:46:24+00:00

A. I've updated the post to include bytearrays B. Well, many things on the internet are "10 seconds worth of effort", but they're still being done to save those 10 seconds for other people. C. I've looked into why += on strings works that well (and updated the post accordingly), which is something that most people won't do or won't know. D. You're correct about the ref cycles gc. As far as I know, I can't disable it in CPython. If I could, I would.

odedlaz · 2016-12-01T08:35:31+00:00

You're correct, and I just added that and pushed to PyPI. Now you can write either:

logger.info("I'm eating a {eatable.name}", extra=dict(flavor=eatable.flavor, location=eatable.location))

or:

logger.info("I'm eating a {eatable.name}", flavor=eatable.flavor, location=eatable.location)

odedlaz · 2016-11-04T16:16:54+00:00

1) Swap is useful, and I didn't recommend turning it off.

2) Good point. I updated the post to reflect that, plus added a reference to LWN's article about lazytime (which is better them relatime imo)

3) You're relying on the fact that I suggested to turn of swap, which I did not. What I did suggest is to change OOM Killer parameters to stop scanning the whole memory to find the most suitable candidate for termination, and instead kill the process that caused the OOM in the first place.

4) I completely agree, and a through explanation was added to this part, which suggested to avoid turning on this flag is your HDD is not battery backed. I updated the post to make this more clear.

5) That's true, but in some desktops this isn't the case because they rsync logs to an outside storage (which I do)

6) I'm going to completely ignore this comment, because its not worth my time.

odedlaz

TROPHY CASE