this post was submitted on 10 May 2024
1066 points (98.4% liked)

linuxmemes

21169 readers
479 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
     
    top 44 comments
    sorted by: hot top controversial new old
    [–] [email protected] 72 points 5 months ago (3 children)
    [–] [email protected] 27 points 5 months ago (2 children)
    [–] [email protected] 7 points 5 months ago (4 children)

    I don't know enough about IT security to understand this.

    Does that mean that run0 puts programs in some form of sandbox? What's the difference now to sudo?

    [–] [email protected] 7 points 5 months ago

    Basically the way sudo and doas work is that they turn your current session into a privileged one, then run the command, then put your session back the way it was, this can cause security issues. The way run0 works is that it just asks systemd to do it for you, removing those security risks.

    At least thats the way I understand it, im not an expert

    [–] [email protected] 4 points 5 months ago* (last edited 5 months ago)

    Someone did a ELI3 explanation for this a couple days ago. The ELI5 explanation was more complicated so someone asked for ELI3 lol

    ELI3

    Pouring a cup of juice is something an adult needs to be involved with.

    sudo is when you ask for permission to pour your own cup of juice. You ask an adult, they give you the cup and the juice, and then you’re responsible for pouring it. If the adult isn’t paying attention they may leave the fridge open for you to go back for more juice or another beverage, but otherwise you’re limited to the amount of juice the adult has given you.

    run0 is when the adult just gets you a cup of juice. You tell them what you want, they go and pour the juice, and just give you the cup with the juice in it. You never enter the kitchen, so you don’t have access to the fridge, just your cup of juice.

    ELI5

    Basically, the SUID bit makes a program get the permissions of the owner when executed. If you set /bin/bash as SUID, suddenly every bash shell would be a root shell, kind of. Processes on Linux have a real user ID, an effective user ID, and also a saved user ID that can be used to temporarily drop privileges and gain them back again later.

    So tools like sudo and doas use this mechanism to temporarily become root, then run checks to make sure you’re allowed to use sudo, then run your command. But that process is still in your user’s session and process group, and you’re still its real user ID. If anything goes wrong between sudo being root and checking permissions, that can lead to a root shell when you weren’t supposed to, and you have a root exploit. Sudo is entirely responsible for cleaning the environment before launching the child process so that it’s safe.

    Run0/systemd-run acts more like an API client. The client, running as your user, asks systemd to create a process and give you its inputs and outputs, which then creates it on your behalf on a clean process tree completely separate from your user session’s process tree and group. The client never ever gets permissions, never has to check for the permissions, it’s systemd that does over D-Bus through PolKit which are both isolated and unprivileged services. So there’s no dangerous code running anywhere to exploit to gain privileges. And it makes run0 very non-special and boring in the process, it really does practically nothing. Want to make your own in Python? You can, safely and quite easily. Any app can easily integrate sudo functionnality fairly safely, and it’ll even trigger the DE’s elevated permission prompt, which is a separate process so you can grant sudo access to an app without it being able to know about your password.

    Run0 takes care of interpreting what you want to do, D-Bus passes the message around, PolKit adds its stamp of approval to it, systemd takes care of spawning of the process and only the spawning of the process. Every bit does its job in isolation from the others so it’s hard to exploit.

    [–] [email protected] 3 points 5 months ago

    Sudo is a setuid binary, which means it executes with root permissions as a child of of the calling process. This technically works, but gives the untrusted process a lot of ways to mess with sudo and potentially exploit it for unauthorized access.

    Run0 works by having a system service always running in the background as root. Running a command just sends a message to the already running seevice. This leaves a lot less room for exploits.

    [–] [email protected] 2 points 5 months ago

    Sorry, but it's also beyond my understanding. As far as I can understand, run0 doesn't use a sandbox, but will better isolate the privileged processes from unprivileged ones when executing a command.

    [–] [email protected] 3 points 5 months ago

    setuid binaries are scary, so I could see myself getting behind this.

    [–] [email protected] 12 points 5 months ago

    I was thinking exactly this

    [–] [email protected] 4 points 5 months ago (1 children)

    Systemd specific, doesn't run in any distro, thus, I probably won't use it.

    [–] [email protected] 8 points 5 months ago

    Tbh, I don't think I can change the muscle memory. Even if run0 is forced on users as the new sudo, I'll just use an alias or some shit.

    [–] [email protected] 49 points 5 months ago* (last edited 5 months ago) (1 children)

    Linux kids do not accept cookies.

    [–] [email protected] 5 points 5 months ago

    Not from strangers anyway.

    [–] [email protected] 49 points 5 months ago (1 children)

    Kid is not in sudoers file. This incident will be reported.

    [–] [email protected] 14 points 5 months ago (1 children)

    Did we ever figure out who it gets reported to?

    [–] [email protected] 25 points 5 months ago (1 children)
    [–] [email protected] 6 points 5 months ago (1 children)

    Damn... XKCD for this too?

    [–] [email protected] 3 points 5 months ago

    If you're not aware yet, there's an xkcd for everything.

    [–] [email protected] 25 points 5 months ago (1 children)
    [–] [email protected] 1 points 5 months ago (1 children)

    Why does it rhyme with "shoot yourself in the foot"?

    [–] [email protected] 0 points 5 months ago

    It definitely doesn't rhyme

    [–] [email protected] 23 points 5 months ago (1 children)
    [–] [email protected] 3 points 5 months ago (1 children)

    Not as robust as far as I can tell. It doesn't seem to allow for the level of control and logging that sudo does

    [–] [email protected] 4 points 5 months ago (1 children)

    It's made for peoples who only has 1 user account on their machine, like 80% of Linux users

    [–] [email protected] 2 points 5 months ago (1 children)

    I think most of Linux users are server admins

    [–] [email protected] 2 points 5 months ago (1 children)

    Well it's not true, most of them use it as a daily os

    [–] [email protected] -1 points 5 months ago* (last edited 5 months ago) (1 children)

    Source? Most of the internet is powered by Linux

    [–] [email protected] 3 points 5 months ago (1 children)

    Not every sysadmin use Linux as a daily driver, otherwise there wouldn't be 4% of Linux users and 96% of linux server

    [–] [email protected] -2 points 5 months ago (1 children)

    That's what I'm saying. Most of Linux is servers.

    [–] [email protected] 1 points 5 months ago (1 children)

    No that's not you said. Linux users and servers hosting Linux systems are different things.

    [–] [email protected] 1 points 5 months ago (1 children)

    Those servers are used by Linux users technically

    [–] [email protected] 2 points 5 months ago

    Yep, but what i mean is that on servers sudo is the best choice because there's generally differents permissions to manage for differents users account, but on personal machine doas is better if you only have one user account

    [–] [email protected] 15 points 5 months ago
    [–] [email protected] 14 points 5 months ago (2 children)

    PowerShell: right clicks and selects run as administrator, loses previous session

    [–] [email protected] 1 points 5 months ago (1 children)

    Today you can use an inline "RunAs" command such as "runas /user:Administrator "powershell.exe -executionpolicy bypass -command Set-Location "$PWD"; .\install.ps1"

    Or you could use Gsudo.

    Additionally, Sudo will soon be available in Win11.

    [–] [email protected] 4 points 5 months ago

    That's cultural appropriation.

    [–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

    Why? Because GUI shell = session...

    [–] [email protected] 12 points 5 months ago (2 children)
    [–] [email protected] 7 points 5 months ago (1 children)
    [–] [email protected] 2 points 5 months ago

    sudo git out of my head

    [–] [email protected] 5 points 5 months ago* (last edited 5 months ago)

    This comic strip always weirded me out. It's like the Veggie Tales of comic strips.

    [–] [email protected] 2 points 5 months ago

    sudo is a bloat su - for life.