
466 points | CoolCold | 1 comment
segasaturn No.40212733
I asked this in a thread about this from last night and didn't get a reply. For context, the way "run0" works is to apparently send a signal to polkit that requests a command under the root user's ID and permissions, thereby getting a privileged shell without SUID:

> How hard would it be to create a program to send a signal to polkit "impersonating" run0 and obtain a root shell without entering a password?

Anybody know how this is being authenticated?

replies(2): >>40212982 >>40214434
1. ongy No.40212982
Without looking at the specific implementation

There should be a service running as uid=0 that exposes an unprivileged API.

This service then takes the RPC and does authorization with polkit.

I.e. the unprivileged part doesn't talk to polkit directly. But a privileged part uses polkit instead of a custom sudoers style config.
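The split ongy describes (unprivileged client, privileged service, policy engine in between) also answers segasaturn's impersonation question: the privileged side never trusts what the client says about itself, it asks the kernel who the peer is. The example below is added here and is not code from systemd, run0 or polkit. It simulates the architecture with an AF_UNIX socketpair: the "service" reads the peer's real pid/uid/gid with SO_PEERCRED (the same kernel facility a D-Bus daemon relies on to attribute a sender), then feeds that uid to an `authorize()` function that is a stand-in for polkit's CheckAuthorization call. The action id `example.run-as-root` and the `ALLOWED_UIDS` policy are hypothetical. The client lies about being uid 0 in the request body and gains nothing, because the decision is made on the kernel-supplied uid. Linux only.

```python
import json
import os
import socket
import struct
import threading

# Hypothetical policy standing in for polkit: which real uids may run the
# action without a prompt. A real service would instead call
# org.freedesktop.PolicyKit1.Authority.CheckAuthorization over D-Bus with a
# unix-process subject built from the (pid, uid) obtained below.
ALLOWED_UIDS = {0}
ACTION = "example.run-as-root"   # hypothetical action id
REAL_UID = os.getuid()           # what the kernel will report for this process


def peer_credentials(conn):
    """Ask the kernel who is on the other end of an AF_UNIX stream socket.

    SO_PEERCRED yields (pid, uid, gid) of the peer as fixed at connect() or
    socketpair() time. The peer cannot forge these, unlike anything it puts
    into the request payload.
    """
    fmt = "3i"
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    pid, uid, gid = struct.unpack(fmt, raw)
    return pid, uid, gid


def authorize(action, uid):
    """Policy decision; stand-in for the polkit check the privileged side performs."""
    return action == ACTION and uid in ALLOWED_UIDS


def privileged_service(conn):
    """The part that would run as uid 0: receive the RPC, authorize, reply."""
    request = json.loads(conn.recv(4096).decode())
    pid, uid, gid = peer_credentials(conn)
    # The client's claimed identity is echoed back for illustration but plays
    # no part in the decision; only the kernel-reported uid does.
    decision = authorize(request.get("action"), uid)
    # If decision were True, this is where the service would spawn the
    # requested command itself (still no SUID binary on the client side).
    reply = {
        "kernel_uid": uid,
        "kernel_pid": pid,
        "claimed_uid": request.get("claimed_uid"),
        "authorized": decision,
    }
    conn.sendall(json.dumps(reply).encode())


def spoofing_client(conn, claimed_uid=0):
    """An unprivileged client that claims to be root in the request body."""
    request = {"action": ACTION, "claimed_uid": claimed_uid, "argv": ["id"]}
    conn.sendall(json.dumps(request).encode())
    return json.loads(conn.recv(4096).decode())


def run_exchange():
    """Run one client/service round trip in-process over a socketpair."""
    service_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    worker = threading.Thread(target=privileged_service, args=(service_end,))
    worker.start()
    reply = spoofing_client(client_end, claimed_uid=0)
    worker.join()
    service_end.close()
    client_end.close()
    return reply


if __name__ == "__main__":
    print(run_exchange())
```

Run as a normal user, `kernel_uid` is your own uid even though `claimed_uid` is 0, and `authorized` is False; the only way to get a different answer is to actually be a uid the policy allows, which is exactly the property a sudoers-style or polkit-style check needs from the transport.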