Reply to post: Re: The real culprit

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

TheVogon Silver badge

Re: The real culprit

"Their existence is proof of a failed security model, incapable of expressing a set of privileges for a process's execution."

This is indeed a significant architectural limitation - and a security risk as SUDO must always run initially as root / UID0.

Windows is a good example of an OS that does it right with fine grained ACLs (and auditing) capabilities built in from the ground up, and features like constrained delegation meaning an account can have just the admin rights it needs for each task. So for instance in Windows you can set seperate permissions and audit requirements for each and every config item. On *nix you can only do it per file.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019