←back to thread

Run0, a systemd based alternative to sudo, announced

(mastodon.social)
466 points CoolCold | 2 comments | 29 Apr 24 23:59 UTC | HN request time: 1.421s | source
Show context
immibis ◴[30 Apr 24 15:25 UTC] No.40212064[source]
This will be great. We can finally deprecate sudo on systemd systems. Then we should be able to deprecate PAM, setuid bit, etc.
replies(3): >>40212610 #>>40212652 #>>40212876 #
1. Retr0id ◴[30 Apr 24 16:31 UTC] No.40212876[source]
Is removing setuid actually a win? I know it presents a security risk, but it feels like we're not actually removing that attack surface, just moving it around.
replies(1): >>40216619 #
2. NekkoDroid ◴[30 Apr 24 21:32 UTC] No.40216619[source]
Well... that "attack surface" isn't new, its mostly just repackaging systemd-run, which is just used to tell PID1 to launch a new process. So in total the attack surface would be reduced by removing sudo.