sudo-rs
sudo-rs copied to clipboard
memorysafety
A memory safe implementation of sudo and su.
Example: ``` $ sudo -D /tmb ls sudo: unable to change directory to /tmb: No such file or directory (os error 2) sudo-rs: cannot execute '/usr/bin/ls': No such file or...
Currently we have three types of settings: unsupported (with error),`#ignore`d ones and active ones. We can consider adding a class where instead of `unsupported` we could say `deprecated` (and only...
> hi, > > Cockpit uses sudo to gain root privileges for users performing actions via the web interface. We definitely need askpass support: we forward the prompt to the...
It's best practice to harden builds, for example with standard tools like Harden-Runner and cosign: https://github.com/step-security/harden-runner https://github.com/sigstore/cosign
Since `sudo-rs` is a modern sudo implementation written in a sane modern language (🦀❤️), perhaps it should make sane modern UX decisions. Not showing asterisks as you type your password...
E.g. suppose /etc/sudoers contains: `Defaults secure_path="/bin:./"`, emit a soft diagnostic that `.` is ignored. We might also do this if secure_path is disabled and a PATH is loaded that contains...
Instead of personal publishing, crates should be uploaded with Trusted Publishing: https://crates.io/docs/trusted-publishing https://crates.io/crates/sudo-rs/versions > #### Security Benefits > > * No long-lived API tokens to manage or rotate > *...
Revisit the `#[allow(clippy::perf)]` in `src/pam/rpassword.rs` to probably change them to `#[allow(clippy::unbuffered_bytes)]` once all the runners are guaranteed to have 1.88 or higher. It might also be that this clippy lint...
Right now sudo-rs version numbering is in the `0.2.x` range, with `x` a steady increasing number and the tacit assumption that only a semver-related change to our deliberately unusable `lib.rs`...
Metadata
Owner
Metadata
A memory safe implementation of sudo and su.