466 points CoolCold | 3 comments
pmlnr ◴[] No.40207739[source]
> The developer talks about the weaknesses of sudo, and how it has a large possible attack surface

Poettering's hypocrisy is painful.

replies(2): >>40207851 #>>40215571 #
mort96 ◴[] No.40207851[source]
Is it? Does systemd's sudo replacement also have a lot of complex code running as root in a suid binary?

Because that's what he's complaining about.

replies(3): >>40207883 #>>40208574 #>>40208584 #
1. pmlnr ◴[] No.40208584[source]
The complaint might be valid. The solution, to shoehorn yet another functionality on systemd, will in no way reduce complexity or attack vectors, merely shift them, again, like with all systemd solutions.
replies(2): >>40210496 #>>40221430 #
2. kreetx ◴[] No.40210496[source]
The systemd attack vector is already there, and now the SUID attack vector is removed - sounds like a reduction in attack vectors, no?
3. mort96 ◴[] No.40221430[source]
What difference does it make if it's part of the systemd project or not? Do things suddenly become a more problematic attack vector when they're organizationally part of the systemd project instead of the sudo project?