sud 1.3 review

by rbytes.net on

License: BSD License
File size: 0K
Developer: Matteo Mazzarella

sud is a daemon to execute interactive and non-interactive processes with special (and customizable) privileges in a nosuid environment.

Some advantages of the program are:

you can switch to root privileges on a remote machine and keep its disks mounted with the nosuid flag
your client will be authenticated by getting effective credentials via a Unix socket
you can't brute force or try to exploit code unless you're in the authgroup (otherwise you don't have permission to open a client connection)
you can drop privileges and use sud to implement a suid program in a nosuid environment

What's New in This Release:
added multiple services in the same configuration file; every service is in the form label { parameters... }
added general daemon options with label = options
added general service options with label = default
added SO_PEERCRED Linux support
added SIGHUP, SIGUSR1 support
added emergency service
fixed timeout support in Linux (value-result) (POSIX.1g specifies the const qualifier for timeout in select)
signals are now more reliable based on self-pipe trick
sessions are now queued in a LIST
introduction of three new modes: read (aka command), blind (aka write) and readwrite; these are very useful to emulate setuid programs which don't need a terminal and to redirect stdin and stdout to suipfiles
changes in suz client in order to support new modes
improvements in SIGWINCH management
minor changes and new options for services
