Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Operating Systems Software Linux

Systemd Announces 'run0' Sudo Alternative (fosspost.org) 320

An anonymous reader quotes a report from Foss Outpost: Systemd lead developer Lennart Poettering has posted on Mastodon about their upcoming v256 release of Systemd, which is expected to include a sudo replacement called "run0". The developer talks about the weaknesses of sudo, and how it has a large possible attack surface. For example, sudo supports network access, LDAP configurations, other types of plugins, and much more. But most importantly, its SUID binary provides a large attack service according to Lennart: "I personally think that the biggest problem with sudo is the fact it's a SUID binary though -- the big attack surface, the plugins, network access and so on that come after it it just make the key problem worse, but are not in themselves the main issue with sudo. SUID processes are weird concepts: they are invoked by unprivileged code and inherit the execution context intended for and controlled by unprivileged code. By execution context I mean the myriad of properties that a process has on Linux these days, from environment variables, process scheduling properties, cgroup assignments, security contexts, file descriptors passed, and so on and so on."

He's saying that sudo is a Unix concept from many decades ago, and a better privilege escalation system should be in place for 2024 security standards: "So, in my ideal world, we'd have an OS entirely without SUID. Let's throw out the concept of SUID on the dump of UNIX' bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful manual clean-up is just not how security engineering should be done in 2024 anymore." [...]

He also mentioned that there will be more features in run0 that are not just related to the security backend such as: "The tool is also a lot more fun to use than sudo. For example, by default, it will tint your terminal background in a reddish tone while you are operating with elevated privileges. That is supposed to act as a friendly reminder that you haven't given up the privileges yet, and marks the output of all commands that ran with privileges appropriately. It also inserts a red dot (unicode ftw) in the window title while you operate with privileges, and drops it afterwards."

This discussion has been archived. No new comments can be posted.

Systemd Announces 'run0' Sudo Alternative

Comments Filter:
  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Tuesday April 30, 2024 @06:11PM (#64437216) Homepage

    I will continue to use it. I cringe at the thought of the ever expanding attack surface of systemd.

    • by kriston ( 7886 ) on Tuesday April 30, 2024 @06:49PM (#64437324) Homepage Journal

      I can't disagree.
      Systemd already does too much. Kitchen sink and all.

      • by OngelooflijkHaribo ( 7706194 ) on Tuesday April 30, 2024 @07:33PM (#64437450)

        I run Xorg as root. Many people say this is bad since it can run without root now, but in order to do that, one needs to run logind, or elogind as root. Elogind has had so many more security bugs than Xorg it's not even funny as a comparison, and logind depends on system for dubious “cgroup single writer" reasons that never manifested and systemd has even more.

        Certainly, if one already run logind it's probably better to run Xorg as a user and run it through logind, but I don't run logind, and making logind run as root to stop Xorg running as root seems like a security downgrade to me.

        I wish there were a very simple little piece of software that could handle seats that wasn't Logind or Consolekit though, both do too much and constantly have security issues, this would be a priority for me if other persons used my computer, but they don't, so right now I'm simply in the audio, video, and input group but this does mean that I can access the audio, screen and input devices even when I not physically be at the computer which at one point shouldn't be possible, but it's also something I sometimes need when I'm away from home and SSH in through a phone.

      • Systemd should be a different OS and not a kludge on Linux.

        • by Jeremi ( 14640 )

          Systemd should be a different OS and not a kludge on Linux.

          It kind of is a different OS, but it's gestating inside of Linux, growing every year, and at some point it will start deprecating Linux out of the nest and eventually we'll all be running SystemD-OS (which used to include Linux, back in the day).

          • by BerkeleyDude ( 827776 ) on Tuesday April 30, 2024 @11:47PM (#64437824)
            Iâ(TM)d just like to interject for a moment. What youâ(TM)re refering to as SystemD-OS, is in fact, GNU/SystemD-OS, or as Iâ(TM)ve recently taken to calling it, GNU plus SystemD-OS. SystemD-OS is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
            • by BerkeleyDude ( 827776 ) on Tuesday April 30, 2024 @11:47PM (#64437826)
              (Also, holy shit, it's 2024, and Slashdot still can't handle Unicode...)
              • by tlhIngan ( 30335 )

                (Also, holy shit, it's 2024, and Slashdot still can't handle Unicode...)

                It's supported Unicode for nearly two decades now, actually.

                The problem is, Unicode is constantly changing, and codepoints can be defined which have meanings that change.

                So the designers made it a whitelist of allowed codepoitns, which basically is the ASCII set. Everything else is disallowed. Of course, since it's the ASCII set, all you have to do to enforce this is fix the high bit to zero.

                But for a while there was a lot of abuse of t

        • For those of us old enough to remember...

          What we refer to as Linux should maybe rightfully be called GNU/Linux, as the OS is a combination of the Linux kernel with the GNU userland. There used to be an effort to make the longer name stick, but it's a mouthful, so nobody cared.

          Where the SystemD project is going is to replace the GNU userland with a SystemD userland, one piece at a time. The project will be complete when there is no GNU left in the system, and the resulting OS will be rightfully called Syste

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Tuesday April 30, 2024 @06:11PM (#64437218)
    Comment removed based on user account deletion
    • by chas.williams ( 6256556 ) on Wednesday May 01, 2024 @06:23AM (#64438202)
      Don't worry—run0 will only be linked to necessary libraries, like xz, in case you want to enter compressed commands.
  • by He Who Has No Name ( 768306 ) on Tuesday April 30, 2024 @06:14PM (#64437230)

    Seriously, can somebody just pay the dude enough to fuck all the way off already?

  • SystemdOS (Score:4, Informative)

    by markdavis ( 642305 ) on Tuesday April 30, 2024 @06:17PM (#64437242)

    > "So, in my ideal world, we'd have an OS entirely without SUID"

    In *his* ideal world, he would have an OS with every service, even kernel functions, running under systemd... SystemdOS.

  • What delusion (Score:5, Insightful)

    by OverlordQ ( 264228 ) on Tuesday April 30, 2024 @06:28PM (#64437266) Journal

    And how it has a large possible attack surface.

    And systemd *doesn't*!?

  • Really? (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Tuesday April 30, 2024 @06:30PM (#64437272) Journal
    We're taking pious lectures about excessive attack surface and too many features from the systemd guy?
    • Re:Really? (Score:5, Insightful)

      by gweihir ( 88907 ) on Tuesday April 30, 2024 @07:13PM (#64437404)

      Well, I am not. This person is a fuckup with an oversized ego. He neither understands KISS nor "if it is not broken, do not fix it".

  • Security eye candy (Score:5, Insightful)

    by Flexagon ( 740643 ) on Tuesday April 30, 2024 @06:31PM (#64437274)
    I may not be entirely up on all the issues with sudo, but when someone tries to offer me a better security solution, and then tacks on "is more fun to use than sudo", i.e., "it will tint your terminal background", then I'm done. "It's a dessert topping! No, it's a floor wax!". Specifically, I may have my terminal set up with my own color scheme, and I don't want it messed with by a bunch of system utilities. And anything in there that's not directly related to its security function just adds more code to worry about.
  • Bad ideas? (Score:5, Insightful)

    by Anonymous Coward on Tuesday April 30, 2024 @06:31PM (#64437276)

    Let's throw out the concept of SUID on the dump of UNIX' bad ideas.

    Bad ideas?
    Are you talking about the bad ideas that has made it the most popular operating system in history?
    Are you talking about how absolutely horrible it is that over 60% of Azure instances are not-Windows?

    Are you just trying enshittify Linux into being as terrible as Windows?

    Someone page Microsoft, because they just implemented sudo in Windows. I mean...it's an absolutely atrocious version of sudo that doesn't let you run specific commands with admin privileges, or change to a different user's context...but they thought it was so awesome they finally added it....50 years late.

    • Re: (Score:2, Funny)

      by christoban ( 3028573 )

      You're right. Linux is perfect. Any changes equals Windows. No room for improvement whatsoever.

      O_O

      • by kriston ( 7886 )

        Hold up. RUNAS.EXE has existed since the beginning.

        • Sure, but I said the everything as a file thing has to go.

          Runas and Sudo are really minor potatoes.

          • by troff ( 529250 )

            > Sure, but I said the everything as a file thing has to go.

            But... why?

            • Mainly the complexity it adds by being implemented in the OS. The idea is still a good one, but it is only really useful in scripting, which is where it should have been implemented. In fact, by being a part of the OS, it's fostered both a rigidity and a strong dependency that has locked UNIX in the past.

              In fact, Nushell is a scripting language for Linux that does exactly this, but since it isn't an OS intrinsic, it had the freedom to improve the abstraction by elevating it to everything-as-an-object inst

              • by troff ( 529250 )

                Simpler how? Now you need to know the specific functions and members of every object, unless you're talking about incredibly basic ones at which point you've just reimplemented open read write and close oh look it's files (alright, filehandles) again.

                I completely admit I've heard of Nushell but never used it. I HAVE tried some Powershell and if their syntax is an example of how it works, it's a horror. Not to mention having to chain together its bizarreness just to display simple text on screen, it's made t

        • Love your site, BTW! That's so cool. Cute baby. No, really!

  • improvement? (Score:5, Interesting)

    by internet-redstar ( 552612 ) on Tuesday April 30, 2024 @06:43PM (#64437306) Homepage
    So what exactly is the improvement run0 brings?

    To attack one of the most popular tools in Linux and enforce millions of people to change their behavior, there must be extraordinary justifications. I fail to see those.

    • by dskoll ( 99328 )

      I posted in another comment, but there's a good technical discussion at LWN [lwn.net].

    • by gweihir ( 88907 )

      Poettering wants to make all Linux into Poetterix. For him that is reason enough. For anybody else that should be reason enough to stay away from his crap.

    • Re:improvement? (Score:5, Insightful)

      by OngelooflijkHaribo ( 7706194 ) on Tuesday April 30, 2024 @07:42PM (#64437490)

      This is honestly something in general that people at Freedesktop don't understand. Lennart seems to be a very passionate programmer and one can't say his output isn't high, but such persons often miss that for many people cost of switch is a heavy price. This is a common issue with programmers who are passionate rather than corporate. Python3's fiasco also showed how much Guido didn't seem to realize that obviously, people weren't all that interested in simply rewriting already existing code or maintaining two versions of libraries at the same time. The same is going on with Wayland right now.

      They feel they have a new and better product, and then wonder why people aren't switching. Even assuming that the new product be better, which is often debatable, it needs to be substantially better to justify the cost of switching. I've seen it so many times that people assume everyone will simply switch, and then it doesn't happen, and then more fragmentation happens and everyone else is now burdened with maintaining two different backends.

      • by HiThere ( 15173 )

        If you want to talk about a conversion fiasco, don't talk about Python. They handled it pretty well. Talk about Perl, which still hadn't recovered.

        • I strongly disagree. They handled it terribly and the original e.o.l. was 5 years and they actually thought people would switch by then which was sorrily optimistic. Breaking backwards compatibility over something this small simply shouldn't have happened to begin with.

          Look at Rust where they actually do it well. Libraries written in old editions can be called from new editions and they will continue to support the old editions until they have proof that almost no one is still using them. On top of that old

      • i used to hate Lennart after Pulseaudio, then I realized he had great ideas but distro maintainers just shipped Pulseaudio by default before the implementation was ironed out. So it wasn't his fault. Since then, all the tools he developed landed in mainstream distros. The guy is really dedicated despite the infinite unwarranted backlash against him.
    • Re: (Score:2, Informative)

      by Wyzard ( 110714 )

      To attack one of the most popular tools in Linux and enforce millions of people to change their behavior, there must be extraordinary justifications. I fail to see those.

      Attack? Enforce? They wrote a program and made it available. You can use it if you want. You can also continue using sudo if you prefer, or OpenBSD's doas (which also works on Linux; funny how nobody called that an "attack" on sudo).

      The stated justification is that the privileged process doesn't inherit lots of state from an unprivileg

    • by hawk ( 1151 )

      and just as I'd grudgingly even accepted sudo itself!

  • by fahrbot-bot ( 874524 ) on Tuesday April 30, 2024 @06:45PM (#64437312)

    Lennart is the Linux version of someone building and hawking either 10-blade or straight razors, but I can't figure out which ...
    Either way, I'm sure we'd all be better off, happier, and safer w/o him.

  • Uh, what? (Score:4, Funny)

    by msauve ( 701917 ) on Tuesday April 30, 2024 @06:57PM (#64437348)
    >by default, it will tint your terminal background in a reddish tone while you are operating with elevated privileges.

    I use an ADM-3A, you insensitive clod.
    • You mistyped ASR33.

      • Lear Siegler was like 1/10th the price and didn't chew through reams of paper every day. Also it wasn't 85 decibels or whatever an ASR33 was when it was going at full tilt.

        The real dream terminal for me was a Tektronix 4010. Kind of horrible for watching systemd's boot spam scroll by, but pretty awesome for so many other things.

  • Ask Jia Tan (Score:5, Insightful)

    by AcidFnTonic ( 791034 ) on Tuesday April 30, 2024 @06:58PM (#64437352) Homepage

    Well didnt linux just brush off a HUGE supply chain attack caused SPECIFICALLY by secure sshd code getting linked against xz due to systemd?

    He literally has no standing here.

    • by gweihir ( 88907 )

      Yep, pretty much. Of course there were also utterly stupid distro maintainers in the picture that thought patching systemd into sshd was a good idea, and for some convenience feature, no less. Crappy people handling critical system functionality. Sometimes Linux begins to feel like Windows.

  • Well, I do not use sudo, so I am not tempted to even look at the latest mess from Poettering.

  • by 93 Escort Wagon ( 326346 ) on Tuesday April 30, 2024 @07:08PM (#64437380)

    "... [sudo] has a large possible attack surface"

    Yes, as does systemd - as recent history has shown us.

    "The tool is also a lot more fun to use than sudo. For example, by default, it will tint your terminal background in a reddish tone while you are operating with elevated privileges. That is supposed to act as a friendly reminder that you haven't given up the privileges yet, and marks the output of all commands that ran with privileges appropriately. It also inserts a red dot (unicode ftw) in the window title while you operate with privileges, and drops it afterwards."

    Hmm... those "bonus features" sound like exactly the sort of thing that needlessly increases the attack surface of a piece of software.

    • by Wyzard ( 110714 )

      Hmm... those "bonus features" sound like exactly the sort of thing that needlessly increases the attack surface of a piece of software.

      From Lennart's description it sounds like the background tint stuff is done by the unprivileged, untrusted run0 program, which has no control over the decision-making of whether the user is allowed to do privileged things. That part is done by systemd and polkit in separate processes, the privileged command runs in another separate process, and run0 is basically just a cli

  • by dskoll ( 99328 ) on Tuesday April 30, 2024 @07:09PM (#64437388) Homepage

    Ignoring the usual systemd hate / anti-Poettering rants... there's a lot of technical merit in this proposal.

    Writing secure SUID programs is really, really hard.. And sudo is a very complicated piece of software with a huge attack surface.

    Having privileged programs started from a daemon with a controlled environment that an attacker cannot manipulate is a very good idea. There's a good technical discussion of the merits over at LWN [lwn.net].

    • by troff ( 529250 )

      > Writing secure SUID programs is really, really hard.

      I never thought I'd need the balls to say this, but I've just seen the justification for the phrase "git gud". Why in the name of mercy would you trust to an author of SUID programs unless they were good?

    • Re: (Score:2, Interesting)

      by Brain-Fu ( 1274756 )

      It took a lot of scrolling to find a post that was not full of vitriol. I understand that a lot of people take philosophical exception to systemd but the ferocity of the hatred has a religious flavor to it.

      It's not like systemd doesn't work. It's not like it's a propriety, closed-source trap. There are reasons why all the major Linux distros adopted it. And there are still distros that don't use it, so people still have choice. Why must there be such rage?

      I wonder if its another situation where the hat

  • run0 first made me think of dividing by zero or running null...but I know the real answer is that it is 'run' and 'world emoji'.

    See, this way, all the world, and all the bad code in it, will run with global superuser without that pesky 'sudo' command.

    run zero is far superior you see - you only need your index fingers. It makes it easier for hunt and peck folks to type. sudo requires four whole fingers and is clearly too big an ask for administrative use.

  • by AlanObject ( 3603453 ) on Tuesday April 30, 2024 @07:23PM (#64437432)

    Arguably the greatest impact that systemd has had on the Linux community as a whole is the endless fount of ranting and raving about systemd. It has been going on for years now with no sign of abating. And where would /. be without it.

    Seriously, people. You don't have to be a member of a cult, an activist group, robe yourself as a disciple, a contrarian, purist or the dirty wino blocking your way into the grocery store. Use it or not as you see fit.

    • by HiThere ( 15173 )

      There probably are use cases where some people get some advantage from it. (Just not me.)

    • Use it or not as you see fit

      Thank goodness. Holy shit the tribalism here it something else. LWN and phoronix have much more level headed discussions. Slashdot has just turned into a massive knee-jerk of "BACK IN MY DAY!"

      If you don't like systemd, there's literally a distro for that. [devuan.org] Just go use that. The "let's all go kill Lennart Poettering" gets old.

      If I had mod points I'd mod you up. There's so few people left that think we should all just use what we think is the best tool for a given situation.

  • Dude works on systemd for Microsoft. What more do you need to know?

    We are past Embrace and into Extend. Extinguish is coming is due time.

  • Explain to the class how you can have a mechanism that allows unprivileged processes to do things like manipulate hardware without having a privilege escalation mechanism, and how any such mechanism to enable user software to manipulate computer hardware could possibly be general enough to be useful for people writing computer software that interacts with arbitrary hardware interfaces without introducing having the exact same attack surface as sudo?

    For extra credit, explain how your proposed solution won't

    • by Wyzard ( 110714 )

      Explain to the class how you can have a mechanism that allows unprivileged processes to do things like manipulate hardware without having a privilege escalation mechanism, and how any such mechanism to enable user software to manipulate computer hardware could possibly be general enough to be useful for people writing computer software that interacts with arbitrary hardware interfaces without introducing having the exact same attack surface as sudo?

      A client/server architecture where an untrusted client sub

  • by ctilsie242 ( 4841247 ) on Tuesday April 30, 2024 @07:39PM (#64437478)

    There are already operating systems without SUID. Solaris comes to mind, where root ships as default as a role, but can be converted to a user. On that platform, su and sudo just add privs to the existing user. AIX also can run in a rootless mode.

    The thing about run0 that worries me is a concern I had about systemd in general. A ton of new code that is unproven. Yes, sudo has had issues, and yes, it has had show-stopper bugs, but at least people have hammered on it, and it has been battle-tested in the field for decades.

    run0 doesn't have that. Will there be a dedicated security team going through the new code, line-by-line and running tons of tests to make sure run0 isn't a free sally port into full privileged processes, even when RAM pressure is insane and things can get really glitchy. I think systemd has been audited, but not recently, and something as fundamental as a PAM gateway needs to be closely studied, preferably by multiple nations' security organizations.

    Of course, how does run0 interact with SELinux and AppArmor? That is a big thing.

    Overall, it might be a useful tool... but the entire philosophy behind systemd goes fundamentally against the Unix Way. Things need to be small, easily auditable, modular, and be configured via text config files. This way, as little stuff is running as possible, and it is easier to put barriers in place to detect issues. With systemd, you have this large process that runs as close to kernel space as a userland process can get, and all it takes is one weakness in one part of systemd to make it into a vector for remote attackers, with little to no mitigations possible because it runs the OS (which should belong to a leaner, meaner task like upstart or init.)

  • Sudo (Score:5, Funny)

    by ArchieBunker ( 132337 ) on Tuesday April 30, 2024 @07:56PM (#64437514)

    The joke is on him. I'm a greybeard so I just su like a real man.

    • I use sudo for simple commands, and su if I have to do more work with root priviliges.

      For instance, I only use su after I log in to my servers because it's all admin work anyway.

    • by znrt ( 2424692 )

      sudo bash. por qué no los dos?

  • SystemD is a virus (Score:4, Informative)

    by darkain ( 749283 ) on Tuesday April 30, 2024 @08:14PM (#64437536) Homepage

    SystemD is a virus, and not for the reasons others usually mention.

    SystemD is absolutely destroying the Free/Open-Source Operating System ecosystem.

    SystemD is designed for and only for Linux. It is entirely built around the concept of "not invented here syndrome"

    For every single utility that is changed to have a hard dependency on SystemD, they're literally saying "FUCK YOU" to every other OS out there, including the BSDs, Illumos/SmartOS, MacOS, Windows and more! For a period of time, one of these was literally the Gnome desktop. The Linux community fought hard against the mono-culture of Windows, only to create a new mono-culture of its own.

    Gentoo has a non-complete list of some of the major utilities with hard SystemD dependencies. But it doesn't stop there, dependencies are a chain, and quite a few things have hard dependencies on these utilities too. https://wiki.gentoo.org/wiki/H... [gentoo.org]

  • by Big Hairy Gorilla ( 9839972 ) on Tuesday April 30, 2024 @08:39PM (#64437568)
    There's no reason to believe any of that. It's about gaining market share. Lennart was either a willing fool or the knowing pawn of IBM. Systemd is about market capture with proprietary technology. Once there's a critical mass, no one can get out.. that's clear from most of the previous comments.

    Red hat isn't open anymore. Ubuntu isn't open. They are what? Enterprise? So that means there's lots of consultants to hire and fire. Very handy if you want to get government work. There is a lot of hate on systemd, which it deserves, but the acid test is ...all the programs still run exactly the same... you don't need it, so then why run it in the first place?

    The argument that would make most sense to use sysd is that it offers certain advantages... there would be a lot to talk and arguing, but in the end it's not adding value just changing *how* you get stuff done.. text logs vs binary logs.... ugh.... here we go... the real bullshit starts when Joebuntu claims that some, usually horrifying, piece of software won't run.... The dependency and likely bloated size of said software is because programmers are LAZY. They can also be like sheep so guys like Lennart who captured market share don't know that they will soon be told what to do. So the blindness to the control issue and the idea that an agent some middle layer of software will make it easier for you ... .often isn't true. The deeper your system knowledge goes, the more all that stuff gets in the way of any control or efficiency... So the parting shot is this: whatever fairy dust that sysd supposedly has, any competent system programmer would write himself.

    Now get out of my jello tree. Sorry, but Linux is broken into these market blocks now, it's not about purity, its about controlling the market share. Never a kind word has been said about Snaps, eh? But you're still using them. Ubuntu, the Microsoft of Linuxes. Would you like a 5 seat license for only whatever?
  • by troff ( 529250 ) on Tuesday April 30, 2024 @08:50PM (#64437584) Homepage Journal

    Okay, hold up, I admit upfront I'm not a system programmer, so please pardon and correct my ignorance.

    But a) wasn't the previous systemd philosophy about things like sudo for services to convert them to user services and not needing privileges?
    b) he says sudo has too great an attack surface and then starts talking about all its extra features including "fun"?
    c) hold up if it modifies output and you're piping text, isn't that going to screw workflows?
    d) if it's "half under the control of unprivileged processes", isn't the other half under the control of the enforcing kernel with veto rights?
    e) how is suid "a weird idea" if it's been in use since the early 1970s and currently in the public domain?
    f) What, er, what privileges will run0 run with?
    g) So, we're not supposed to trust a system in place and openly published since the 1970s, but let's all trust to the great Algorithm that is systemd?
    h) Wasn't there a thing once upon a time where systemd was supposed to allow mobile home directories and trusts of those home directories? But SUDO has a big attack surface...?

    Not to mention "fun to use", is this a workflow tool or a video game? He really does work for Microsoft, doesn't he?

    • by Wyzard ( 110714 )

      a) wasn't the previous systemd philosophy about things like sudo for services to convert them to user services and not needing privileges?

      User services are for things that don't need elevated privileges, like components of your GUI desktop environment. Tools like sudo and run0 are for administrative tasks that genuinely do need privilege. They're unrelated things, and I've never seen anything saying to replace sudo with unprivileged user services; that doesn't even make sense to me.

      b) he says sudo has to

  • run0 doesn't implement a configuration language of its own btw (i.e. no equivalent of /etc/sudoers). Instead, it just uses polkit for that, i.e. how we these days usually let unpriv local clients be authorized by priv servers.

    Polkit .rules files are quite readable, for the most part, but they're also written in ECMA-262 edition 5 JavaScript! I'm not really thrilled with config files that are executable and might have odd exploitable language features I don't really need. But, whatever you do, don't run it w

  • by stevenm86 ( 780116 ) on Tuesday April 30, 2024 @09:42PM (#64437658)
    Cool, let's write a teardown for why sudo "sucks", and follow that up not by explaining how the new tool solves these problems in better ways, but by explaining that it'll tint your terminal and put unicode into your window title.
  • To answer my own question: Because 'run0' is part of Poetterings strategy to own it all. Run0, continuing the proud SystemD tradition of introducing bugs and security vulnerabilities and poorly re-implementing things that already work.
  • But I never asked for this. I already have sudo and sudoers. I even have it configured correctly on a cluster with LDAP so that machines imaged for engineers to use for testing grant only the person who reserved the machine root access. I'd be dollars to donuts that systemd is not going to handle all the use cases we need on day one.

    I'd like to see more effort put into configuration of cgroups configs. And the much harder problem of TAP/TUN/VDE-2 network configuration so it's not a nightmare of filenames wi

  • ... system functions does run0 use to accomplish the execution permission shifts that SETUID (and SETGID) currently provide? I don't really see anything explaining the advantages of run0 or even exactly how it will work.

    Hint: sudo is only one very small case of a SETUID program that just happens to temporarily grant root permissions. There are other programs. Not all involve root permissions and administrative maintenance tasks. Is Poettering suggesting throwing out SETUID/SETGID just because he can't un

  • What production-ready distros don't use systemd? Seems like everyone's gargling the systemd kool-aid but I can't stand it.

    Is Alpine Linux the only contender?

You are always doing something marginal when the boss drops by your desk.

Working...