On 2024-11-29 16:39 UTC, Stuart Henderson <stu@spacehopper.org> wrote:
> Or use a special binary based on doas which is _just_ used for these
> "internal" elevations and permits only them.

I have come to the conclusion (some time ago) that you can't
restrictively elevate privileges in a safe way.

So moment you let someone run a program with doas (or sudo) you might as
well just give them a root shell.

-- 
In my defence, I have been left unsupervised.