Meetings and Events [RSS]

Subdo, Ipsen S. Ripsbusker
2018-10-03 @ 18:30 - Suspenders, 108 Greenwich Street, 2nd Floor
Abstract

Subdo installs packages such that your main user (the "super") has the right to run the program through doas, sudo, or ssh as a user dedicated to the particular program (the "sub"), group information and filesystem access are configured accordingly.

Here are some reasons you might want to do this.

  • A program has lots of dependencies, and you thus don't want to port/package it.
  • You are using multiple package managers and want to ensure that dependencies are separated by package manager.
  • You do not trust the software to run properly, as it may contain bugs or malware.
  • setuid, &c., is not appropriate, or you don't feel like using it.

While it is technically quite different, subdo has been compared to Android, chroot, jails, containers, and virtual machines.

subdo protects against many bugs and naive malwares, but vulnerabilities are known for usage of subdo with the doas and sudo backends and for usage of X programs through subdo.

Media
Speaker Biography

Ipsen S. Ripsbusker is a berry farmer. He mostly grows currants, but he also grows other berries. He has been developing Unix-like software as a hobby for 15 years.