I spent the last 3 days intensely thinking to create something new for computer security, making ParmanodL computers safer, but applicable to others who would want to copy. It involved...
1) Aggressive whiteboard doodling with frizzy hair
2) Long battles with retarded AI to test and probe
3)5 hr insominia mind's eye designing
4) Code testing
It's a way to solve the injection problem when making software patches that require restricted access.
Normally you'd need to physically enter the sudo password to permit (a deal breaker for web GUI), and if triggering the patch remotely, it's dangerous to send the sudo pass via a browser, or have the browser trigger scripts run by root.
It's solved with a restricted bucket directory, a sudoers.d-preapproved patch-running script, that enforces pgp signature checks before moving git pull patche files to the restricted area for running.
This way, parman-approved patch scripts can't be modified once they are in the restricted area, and beforehand if they are modified, The signature will be invalidated. This makes the script safe to execute with root privileges triggered by a remote browser, as nothing but parman-signed code can run.
It's super niche, but new, so maybe I'll do a publication somewhere.
Of course this is dependent on trusting Parmanode software in the first place, which you imply when entering your sudo password when requested.
The modification means you don't have to keep doing it, and no extra risk is added.
Similar to how you PGP check a wallet once when you install it, not every time you do a transaction.
The wallet you are running can actually maliciously change after you've PGP-approved and installed it, but Parmanode restricted bucket files can't.
This is one more reason to get a clean transaction computer at the very least, for bitcoin transactions - don't use your regular computer.
