this post was submitted on 23 Jun 2024
78 points (91.5% liked)

Linux

48017 readers
1377 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 4 months ago* (last edited 4 months ago) (1 children)

It has some advantages. It can be configured with simple text files and normal filesystem permissions. The sshd code is mature and has a proven record of good security. It doesn't add yet another thing to systemd that has no business being part of systemd.

[–] doona 15 points 4 months ago (2 children)

I really don’t get why an alias to something that would be in systemd anyway (that’s all run0 is, an alias to systemd-run) would be an issue. Is systemd-run problematic or something?

[–] [email protected] 3 points 4 months ago (2 children)

The problem is that they're trying to frame it as a better replacement for sudo when it's really not.

In some respects, it's safer by not using a setuid binary. In other respects, it massively increases the surface area by relying on the correctness of three separate daemons: systemd, dbus, and polkitd. If any one of those components are misconfigured, you risk an unauthorized user gaining root privileges.

With sudo, the main concern is the sudo process being exploited through memory safety bugs since it runs at root automatically.

Don't get me wrong, sudo has a lot of stupid decisions and problems. There's a ton of code in sudo for features that almost nobody uses, and there's bound to be bugs in there somewhere. It needs to be replaced with something simpler, but run0 is not that.

[–] doona 3 points 4 months ago

Thank you for a non-hand-wavy response! I’m not entirely sure I agree, depending on more libraries doesn’t have to be an issue if they’re well designed and frequently used elsewhere, no? Is the implication here that systemd isn’t well designed?

In any case, would you say sudo is the best we have for temporary root elevation at the moment? I haven’t really heard of an alternative apart from doas.

[–] [email protected] 3 points 4 months ago

systemd, dbus, and polkitd. If any one of those components are misconfigured, you risk an unauthorized user gaining root privileges.

Just for my own understanding, if any of those are misconfigured, do you not anyway have a big security problem already, regardless of run0?