• million@lemmy.world
      4 months ago

      I read the original Mastodon post by the developer of run0 and I still don’t understand what the problem with SUID is.

      What’s an example of an attack that would work with sudo and doas (which also uses SUID) and not on run0?

    • d3Xt3r@lemmy.nz
      4 months ago

      Agreed, this is a nice inclusion. I also hate sudoers with a passion - I already use doas but it’s not standard (in the Linux world anyway), but systemd providing an alternative means that it’ll become a standard which most distros would adopt, and I hope this means we can finally ditch the convoluted sudoers file once and for all.

        • NekkoDroid@programming.dev
          4 months ago

          The thing with this is: it’s just a symlink to the systemd-run binary, which talks to PID1 to spawn new processes (in separate cgroups IIRC). It’s one of the most fundamental parts of systemd. Even the Debian systemd package includes systemd-run.

          I guess the other question is if some tools the distro provides might switch to supporting it by default. For example on Arch there is makepkg that should never be executed as root, but does internally call some things with elevated privileges (mostly pacman to install and remove packages). Currently it checks for sudo and if not falls back to su, but maybe it might be worth considering changing su for run0 if it’s guaranteed to be there.
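
The helper-selection logic discussed in the comment above, as an added example that is not part of the thread and is not makepkg's code: the function names are hypothetical, and trying sudo, then run0, then su is an assumed order. It shows why the su fallback needs care: sudo and run0 receive the command as separate arguments, while `su -c` takes one string that root's shell parses again.

```sh
#!/bin/sh
# Added example; sq, pick_elevator and elevated_cmdline are hypothetical names.

# Single-quote one argument so a shell re-reads it as exactly one word.
# (Trailing newlines in the argument are dropped by command substitution.)
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the first elevation helper found on PATH (assumed preference order).
pick_elevator() {
    for tool in sudo run0 su; do
        if command -v "$tool" >/dev/null 2>&1; then
            printf '%s\n' "$tool"
            return 0
        fi
    done
    return 1
}

# Print the command line that would be executed for helper $1 and command $2...
elevated_cmdline() {
    tool=$1; shift
    case $tool in
        sudo|run0)
            # argv is passed through unchanged; quoting here is only for display.
            out=$tool
            for a in "$@"; do out="$out $(sq "$a")"; done
            ;;
        su)
            # su -c gets ONE string that root's shell parses again, so each
            # argument is quoted first; otherwise a file name such as
            # "a'b; id" would be split and partly run as a second command.
            inner=
            for a in "$@"; do inner="$inner${inner:+ }$(sq "$a")"; done
            out="su root -c $(sq "$inner")"
            ;;
        *)
            return 1
            ;;
    esac
    printf '%s\n' "$out"
}

# Constructed sample input: a package file name containing a space.
elevated_cmdline su pacman -U "pkg with space.pkg.tar.zst"
```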