Rethinking sudo with object capabilities

I hate sudo with a passion. It represents everything I find offensive about the modern Unix security model:

- like su, it must be a SUID binary to work
- it is monolithic: everything sudo does runs as root, there is no privilege separation
- it uses a non-declarative and non-hierarchical configuration format, leading to forests of complex access-control policies and user errors due to lack of concision
- it supports plugins to extend the policy engine, which run directly in the privileged SUID process

I could go on, but hopefully you get the point.

I wonder if the proposed HTTP QUERY method could be used to circumvent one of the bigger issues with #Webkey #OCAP. Sending #ObjectCapabilities in the body instead of the URL would certainly help. Sadly, this will probably be another feature that is only available with JavaScript and not with HTML directly.

https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-safe-method-w-body-14
The HTTP QUERY Method

This specification defines the QUERY method for HTTP. A QUERY requests that the request target process the enclosed content in a safe and idempotent manner and then respond with the result of that processing. This is similar to POST requests but can be automatically repeated or restarted without concern for partial state changes.

@matthegap https://en.wikipedia.org/wiki/Miller_columns

Fun fact: Invented by the guy who did a metric ton of work in the area of #ObjectCapabilities.
Miller columns - Wikipedia

The federated social web is living in its second golden age, after the original success of StatusNet and OStatus in the late 2000s.

A lot of this success has been around unification of adoption of a single protocol, #ActivityPub, to connect together the many different instances and applications into a unified network.

Unfortunately from a security and social threat perspective, the way ActivityPub is currently rolled out is under-prepared to protect its users.

In this paper we introduce #OcapPub, which is compatible with the original ActivityPub specification.
With only mild to mildly-moderate adjustments to the existing network, we can deliver what we call “networks of consent”:
explicit and intentional connections between different users and entities on the network.

The idea of “networks of consent” is then implemented on top of a security paradigm called “object capabilities”, which as we will see can be neatly mapped on top of the actor model, on which ActivityPub is based.

While we do not claim that all considerations of consent can be modeled in this or any protocol, we believe that the maximum of consent that is possible to encode in such a system can be encoded.

Paradoxically, what may initially appear to be a restriction actually opens up the possibility of richer interactions than were previously possible on the federated social web while better preserving the intentions of users on the network.
#NetworksOfConsent #ObjectCapabilities #security
https://gitlab.com/spritely/ocappub

spritely / OcapPub · GitLab

MOVED TO https://codeberg.org/spritely/ocappub

@aral @cancel there's some recognition of a possible solution to this problem using #objectCapabilities #ocaps #ocappub
https://gitlab.com/spritely/ocappub/blob/master/README.org
README.org · master · spritely / OcapPub · GitLab
My very first paper was recently published in the #ACIG journal. It’s based on my master’s thesis and is about #ObjectCapabilities and #WebSecurity.

I would like to thank @ariadne and @cwebber who were the first people writing about #OCAP in my feed. Thanks for introducing me to this very fascinating topic and providing valuable learning material :)

https://acigjournal.com/resources/html/article/details?id=232881

I'm starting to read ideas about using #ObjectCapabilities to manage #harassment on the fediverse. I'm pessimistic so far, although I could be surprised.
Specifically, I think OCaps will be effective at stopping people from punching down, but will also prevent spontaneous connections and stop people from punching up. That would be fine for a Facebook replacement, but not a Twitter replacement.
I'm aware not everyone wants a Twitter replacement, but I'll still be on the network that is one.
@icedquinn there's a much larger conversation to be had here about how computer security needs to work. In a nutshell, we are just emerging from the Wild West era of computing and we are figuring out how to replace isolated and often drunk-in-charge town Marshals and Sheriffs (package maintainers), with a robust, integrated public security infrastructure (#ObjectCapabilities, #ReproducibleBuilds etc). @librelounge did a whole episode on this:
https://librelounge.org/episodes/episode-2-thanksgiving-npm-and-malware-in-free-software.html
Episode 2: Thanksgiving, NPM and Malware in Free Software -- Libre Lounge

@succfemboi #ObjectCapabilities are a cool concept. Not sure how they relate to this discussion though. Can you expand on that?
Episode 13: Object Capabilities with Kate Sills -- Libre Lounge