102
Is there an advantage of using doas over sudo
(thelemmy.club)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
I mean, that's one of the things that definitely needs permissions, right? You're overwriting system config and executables for all users on your system. Otherwise a malicious actor could just replace firewall configs, or embed malicious code into your executables. If not /bin and /etc what else should need privileges?
On a mutable distro maybe but also no. You need to update your system, always. The updates come from the distro, and you only invoke your privileged package manager to do these changes for you. Its not privileged.
If a malicious actor is able to replace package repos that your package manager uses, for example an infected server in the same network, this would be the only way to inject arbitrary stuff by using
dnf update
orrpm-ostree update
.Installing software and updating the already existing is very different.