This is beginning to sound like a rootless container, but done more correctly. The issue with setuid is that misuse may result in a security nightmare, at least for temporary privilege escalation.
On Fri, Aug 8, 2025, 2:52 PM <[email protected]> wrote:

> On Fri, Aug 08, 2025 at 07:22:55PM +0200, hiro wrote:
> > > So I asked myself if there was some means to do the reverse from
> > > "starting as unprivileged and then promoting": starting as root and then
> > > degrading to unprivileged
> >
> > IIUC that's exactly how unix always worked,
> > plan9 otoh flipped it upside down, and so we start unprivileged.
> > i do think the plan9 way is superior.
> > check the sorry state of linux bolted-on "rootless" stuff. it all
> > feels so wrong.
>
> Not exactly, in my view. For the problem at hand (but dealing with
> "packages" utilities as is), my problem was more why not setuid all
> the compiler utilities with some "src" or "vulkan" unprivileged user,
> so that even if someone launches the programs as root, they will not
> work as root.
>
> Link to the Cgroups: this is only a partial solution, since there is
> more than what can be defined via the user. So the Nix possible
> solution: that some programs be specifically with some defined
> environment executing on a dedicated core.
> --
> Thierry Laronde <tlaronde +AT+ kergis +dot+ com>
> http://www.kergis.com/
> http://kertex.kergis.com/
> Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T924b170304d49c32-M2f2fc7e65815f625a4ba4639
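The "start as root, then degrade to unprivileged" direction discussed in the quoted message, written out as an added C example; this is not code from the thread or from any of its posters. It assumes Linux/glibc semantics (a root caller's setuid() changes the real, effective and saved uid together) and, when started as root, uses uid/gid 65534 as the assumed unprivileged target. It also shows the partial form for contrast: changing only the effective uid, which is the state root is in after exec'ing a binary that is setuid to an unprivileged owner, leaves the real uid at 0, so the process can switch back. The permanent drop verifies itself by checking that setuid(0) and seteuid(0) are refused afterwards.

```c
/* Added example: permanent versus partial privilege drop on Linux.
 * Not code from the 9fans thread. Assumes glibc and Linux setuid semantics;
 * uid/gid 65534 ("nobody"/"nogroup" on most Linux systems) is an assumed
 * target when the program starts as root. */
#define _DEFAULT_SOURCE          /* setgroups() in <grp.h> */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Start privileged, then degrade for good: clear supplementary groups,
 * set the gid, then the uid. When the caller is root, setuid() changes the
 * real, effective and saved uid together, so no root id is left to come
 * back to. The drop is verified rather than trusted.
 * Returns 0 on success, -1 with errno set otherwise.
 */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {       /* "dropping" to root is not a drop */
        errno = EINVAL;
        return -1;
    }
    /* Groups first: after setuid() we would no longer be allowed to clear
       them. An already-unprivileged caller gets EPERM here, which is fine. */
    if (setgroups(0, NULL) == -1 && errno != EPERM)
        return -1;
    /* gid before uid: once the uid is unprivileged the gid cannot be changed. */
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;
    /* Verify: the ids we can see must match ... */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* ... and regaining root must fail. If either call succeeds, some id
       slot still held 0 and the drop was only partial. */
    if (setuid(0) != -1 || seteuid(0) != -1) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/*
 * The partial form for contrast: only the effective uid changes, which is
 * the state root ends up in after exec'ing a binary that is setuid to an
 * unprivileged owner (euid = owner, real uid still 0). Returns 1 if the
 * process could switch back to root afterwards, 0 if not, -1 on error.
 */
int effective_only_drop_is_reversible(uid_t uid)
{
    if (seteuid(uid) == -1)
        return -1;
    return seteuid(0) == 0 ? 1 : 0;   /* succeeds whenever real or saved uid is 0 */
}

int main(void)
{
    /* As root, drop to the assumed unprivileged ids; otherwise stay who we are. */
    uid_t uid = getuid() == 0 ? (uid_t)65534 : getuid();
    gid_t gid = getgid() == 0 ? (gid_t)65534 : getgid();

    printf("effective-only drop reversible: %d\n",
           effective_only_drop_is_reversible(uid));
    if (drop_privileges_permanently(uid, gid) == -1) {
        fprintf(stderr, "permanent drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("now uid=%u euid=%u; setuid(0) is refused\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

Build with `cc -o dropdemo dropdemo.c` and run it twice, once as root and once as an ordinary user: as root the effective-only drop reports reversible (1) while the permanent drop leaves a process that cannot get uid 0 back; as an ordinary user both paths simply confirm that no root id was ever held.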
