From: Lawrence D'Oliveiro
Newsgroups: comp.os.linux.misc
Subject: Yet Another New systemd Feature
Date: Sun, 5 May 2024 23:17:04 -0000 (UTC)
Organization: A noiseless patient Spider

Lennart Poettering wants to get rid of sudo now, and replace it with a new systemd feature called “run0”. It is hard to write code that runs setuid, and sudo has had quite a few security vulnerabilities over the years. So Poettering’s idea is to replace the setuid executable with another use of the existing PolicyKit system.

Interesting that Poettering thinks we should get rid of the whole idea of setuid altogether. AT&T actually got a patent on the concept, back in the early days of Unix. Other OSes had the concept of privileged code, but what made setuid different is that any user can set this mode on any executable they create, and when other users run this executable (if they are allowed to), they temporarily get the permissions of the owning user.

On Linux, this concept was always constrained a bit: I think it only works on compiled machine-code executables, not on interpreted scripts.
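As an added example (not part of the post), a small POSIX shell audit that lists setuid files under a directory and flags the case the post describes: a "#!" script that carries a setuid bit even though the Linux kernel does not honour it at exec time. The function and output labels are my own; the sample files in the usage are constructed.

```shell
#!/bin/sh
# Added example, not code from the post. Classifies a file by whether its
# setuid bit is set and what kind of executable it is. The Linux kernel only
# honours setuid on native (ELF) executables; on a "#!" script the bit sits
# in the inode but is ignored at exec time, so an audit should report it as
# a misleading bit rather than treat it as a privilege boundary.

classify_setuid() {
    f="$1"
    [ -f "$f" ] || { echo "missing"; return 1; }
    # POSIX test -u: true when the setuid bit is set on the file.
    if ! [ -u "$f" ]; then
        echo "no-setuid"
        return 0
    fi
    # First four bytes as hex: 7f454c46 is the ELF magic, 2321 is "#!".
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo "setuid-elf" ;;
        2321*)    echo "setuid-script-ignored" ;;
        *)        echo "setuid-other" ;;
    esac
}

# Walk a directory tree and print one line per setuid file:
# classification, owner, path. The owner matters because setuid grants the
# owner's identity, and any user can set the bit on files they own.
audit_setuid() {
    dir="$1"
    find "$dir" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        owner=$(ls -ld "$f" | awk '{print $3}')
        printf '%s\t%s\t%s\n' "$(classify_setuid "$f")" "$owner" "$f"
    done
}

# Usage on constructed files (a setuid script, a setuid ELF stub, a plain file):
#   d=$(mktemp -d)
#   printf '#!/bin/sh\necho hi\n' > "$d/s.sh";     chmod 4755 "$d/s.sh"
#   printf '\177ELF\002\001\001'   > "$d/bin";      chmod 4755 "$d/bin"
#   printf 'plain\n'               > "$d/plain";    chmod 644  "$d/plain"
#   audit_setuid "$d"    # lists s.sh as setuid-script-ignored, bin as setuid-elf
```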