From: Florian Obser <florian@openbsd.org>
Subject: Re: Investigating adding functionality to doas
To: tech <tech@openbsd.org>
Cc: 
Date: Fri, 29 Nov 2024 18:05:19 +0100

On 2024-11-29 16:39 UTC, Stuart Henderson <stu@spacehopper.org> wrote:
> Or use a special binary based on doas which is _just_ used for these
> "internal" elevations and permits only them.

I have come to the conclusion (some time ago) that you can't
restrictively elevate privileges in a safe way.

So moment you let someone run a program with doas (or sudo) you might as
well just give them a root shell.

-- 
In my defence, I have been left unsupervised.