
Show HN: Oneway drop privileges in a non-reversible way - alsadi
https://github.com/muayyad-alsadi/oneway/releases/tag/v0.2
======
dozzie
> you want to drop privileges (as in Docker entry-points) but you don't want
> your process to be child process of su or sudo process.

> Unlike su or sudo, this tool would exec to replace the current process (so it
> would receive signals, etc.)

Where did you get the idea that su or sudo spawn a _child process_ for
commands to run? I would be very, very wary of any security-sensitive code
from an author who didn't get such a basic thing right.

Unless you do a _very magic_ thing and replace my current shell, which would be
the parent process of your command.

~~~
alsadi
The current process here means "oneway" or "su", not the parent of it.

So if you type "su -l -c sleep app" and type "ps ax", you would see the "su"
process and a child process.

If you do that with "oneway", there won't be a process called oneway.

The usage of this is that you can have "exec oneway" in your start.sh and you
would end up with no privileged processes at all.

On the other hand, this won't happen even if you "exec su -c bash exec " no
matter how many exec you type. There will always be a su/sudo process.

~~~
alsadi
As you can see here, the "alsadi" user is a sudoer, but later with oneway, he was
unable to sudo again.

[http://imgur.com/a/IzrXR](http://imgur.com/a/IzrXR)
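
The behaviour discussed in this thread (drop privileges irreversibly, then exec in place so no privileged process remains) can be sketched in C as an added example; it is not part of the thread and not oneway's own code. The use of `PR_SET_NO_NEW_PRIVS`, the function names and the `UID GID command` argument layout are assumptions made for illustration (Linux only).

```c
#define _DEFAULT_SOURCE 1 /* for setgroups() */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Set no_new_privs: from now on execve() of setuid binaries such as su or
 * sudo grants nothing. The flag is inherited and cannot be unset.
 * Returns the flag value read back (1 on success), -1 on error. */
int lock_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Permanently switch to uid/gid. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Order matters: groups, then gid, then uid. Once the uid is dropped the
     * process can no longer change groups. Only root may call setgroups(),
     * so an already-unprivileged caller skips it. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the result instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* A leftover saved uid of 0 would let this call succeed. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return lock_no_new_privs() == 1 ? 0 : -1;
}

/* Hypothetical CLI: ./dropexec UID GID command [args...] */
int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s UID GID command [args...]\n", argv[0]);
        return 2;
    }
    if (drop_privileges((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2])) != 0) {
        perror("drop_privileges");
        return 1;
    }
    /* exec replaces this process image: same PID, no privileged parent left. */
    execvp(argv[3], &argv[3]);
    perror("execvp");
    return 127;
}
```

Started from an entry-point script with `exec`, the target command keeps the PID of the launcher and receives signals directly.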

