←back to thread

Run0, a systemd based alternative to sudo, announced

(mastodon.social)
466 points CoolCold | 5 comments | 29 Apr 24 23:59 UTC | HN request time: 0.676s | source
1. CoolCold ◴[29 Apr 24 23:59 UTC] No.40205715[source]
Uses polkit.

run0, which behaves like sudo, but works entirely differently and is not SUID. Run0 asks the services manager to create a shell or command under the target user’s ID, creating a new PTY, sending data back and forth from the originating TTY and the new PTY.

replies(1): >>40211789 #
2. segasaturn ◴[30 Apr 24 15:05 UTC] No.40211789[source]
How hard would it be to create a program to send a signal to polkit "impersonating" run0 and obtains a root shell? :)
replies(3): >>40215921 #>>40220630 #>>40234804 #
3. gh02t ◴[30 Apr 24 20:30 UTC] No.40215921[source]
Is that even a problem? Any program can shell out to sudo, hence why you shouldn't set NOPASSWD in sudoers. Polkit takes in a request on an unprivileged interface, that request is evaluated in privileged code against the set of privilege rules, and then passed the proper capabilities if the rules allow. This includes a mechanism where it can, if desired, prompt a user to enter a password etc to prevent a rogue program silently acquiring root. But even in the worst case, the rogue program is not going to acquire any capabilities that you would not otherwise have as with sudo, and the breakpoint between privileged and unprivileged code is (in theory) more tightly defined and controlled.
4. YtvwlD ◴[01 May 24 07:54 UTC] No.40220630[source]
You'd need to be root already, so hard.
5. intelfx ◴[02 May 24 11:08 UTC] No.40234804[source]
run0 does not send any signal to polkit, systemd does.