
466 points CoolCold | 1 comments
creshal No.40207773
But they already ship pkexec together with systemd anyway via polkit, why are they again reinventing a wheel they already reinvented?

Unit files are a neat concept I don't want to miss again, but everything else done by Lennart seems to be an increasingly stupid mistake born from hubris.

1. roenxi No.40207817
AFAIK privileges are an area that has an easy problem statement ("execute this command with that capability") and is fiendishly difficult to execute in practice. `sudo` alone has weird bits to set in the filesystem, magic users and all sorts of unhelpful implications - and it doesn't even lead to any particular security for single-user systems. Same-user code is a scary enough place to be running untrusted code.

Those sorts of problems sound like the sort that get a lot of attempts which run into the complexity wall and halt. I think Amazon has one of the best implementations of a privilege system I've used and it is horrible.