Hacker News new | past | comments | ask | show | jobs | submit login

First of all, I like the idea. But I have questions.

What does logging look like for this?

I don't think it would be too difficult to log commands run with polkit, but is there an equivalent of sudo I/O logs? My guess is there isn't now, but to fully replace sudo it will probably need a way to record everything on the ptty it creates.

What environment variables does it forward by default? From the man page it sounds like SHELL is. What about TERM? Any others? What environment variables are set? What is PATH set to?

How are signals handled? Will a signal sent to the run0 process be propagated to the priveleged process?

What about sudoedit? How would I achieve similar functionality with run0?




From the post:

> well, admittedly, we do propagate $TERM, but that's an explicit exception, i.e. allowlist rather than denylist




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: