
466 points CoolCold | 1 comments
CoolCold ◴[] No.40205715[source]
Uses polkit.

run0, which behaves like sudo, but works entirely differently and is not SUID. Run0 asks the services manager to create a shell or command under the target user’s ID, creating a new PTY, sending data back and forth from the originating TTY and the new PTY.

replies(1): >>40211789 #
segasaturn ◴[] No.40211789[source]
How hard would it be to create a program to send a signal to polkit "impersonating" run0 and obtain a root shell? :)
replies(3): >>40215921 #>>40220630 #>>40234804 #
1. YtvwlD ◴[] No.40220630[source]
You'd need to be root already, so hard.