
I'm not sure it can replace non-trivial setups - sudo/doas looks set to stay.

E.g. when you need to restrict a set of users to run only certain applications with certain other users. sudo can do this (even if the config format can be painful).



Good news! run0 will use polkit[1], which uses JavaScript for its rules[2], so there's no limit to how complex your rules can get!

On the other hand, maybe adding a JavaScript interpreter to Linux's trusted computing base isn't good news...

[1] https://mastodon.social/@pid_eins/112353420303876549

[2] https://www.freedesktop.org/software/polkit/docs/latest/polk...


It's a heck of a lot better than a random smattering of shared libraries getting pulled into a random high-privilege context which also inherits some other context from whoever is asking for authentication. Polkit gets a lot of flak but PAM is absolutely mad.


If the lesson of xz was "reduce supply chain attack surface" then the freedesktop people clearly haven't received it yet.


Fedora has used PolKit for 12 years now, and the javascript rules have probably been a thing for about as long.


Doctors recommended cigarettes for decades. What should give everyone similar pause is xz was found unintentionally.


That's why I moved every sudoers rule to LDAP. Much nicer to configure and no need for files with the same content on multiple servers. New users are added and removed fast and I can check the rule on any server.


What's the goal?

If the host is to get most scenarios off sudo, exceptions aren't a problem.

If the goal is to delete sudo, exceptions matter, and migrating what is migratable will clarify what the remaining requirements are.


Sure, but very few people (relatively) are doing stuff like that?



