Conill: Rethinking sudo with object capabilities
Date:
Sun, 14 Dec 2025 01:07:30 +0000
Description:
Ariadne Conill is
exploring a capability-based approach to privilege escalation on Linux
systems. Inspired by the object-capability model, I've been working on a
project named capsudo . Instead of
treating privilege escalation as a temporary change of identity,
capsudo reframes it as a mediated interaction with a service called capsudod that holds specific authority, which may range
from full root privileges to a narrowly scoped set of capabilities
depending on how it is deployed.
======================================================================
Link to news story:
https://lwn.net/Articles/1050370/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)