• Kwdg@discuss.tchncs.de
    link
    fedilink
    arrow-up
    4
    arrow-down
    5
    ·
    7 months ago

    That already exists. systemd-run is already available today. So the attack surface would be smaller

    • DefederateLemmyMl@feddit.nl
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      7 months ago

      Not really, because you’re now going to make it do more, i.e. incorporate the functionality of sudo and expose it to user input. So unless you can prove that the newly written code is somehow inherently more secure than sudo’s existing code, the attack surface is exactly the same.