On 15 Apr 2024, at 16:34, Andy Smith via BitFolk Users <users@mailman.bitfolk.com> wrote:

> - That this is somehow a systemd issue. All of the code in every .so
> below can do stuff as root inside the address space of the sshd
> process.

Granted.

> What makes sshd different is that it's run almost everywhere (hugely
> attractive target) and it's often exposed to the whole Internet
> (hugely attractive target) and a lot of it runs as root.

But despite that, I expect it is still run in as many places as whatever web server you will use to implement your alternative solution. You may argue that your web server doesn't run as root, but if you intend it to perform this intended service then a portion of it will have to, so you're back at square one. What does your attack surface look like if you do `ldd /my/web/server`? It still seems to me like you're trading one fairly complex, reasonably well understood mechanism for a more complex, less well understood alternative.

Regards,
Chris

Chris Smith <space.dandy@icloud.com>