this post was submitted on 09 May 2024
226 points (95.6% liked)

Linux

48348 readers
780 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 11 points 6 months ago (1 children)
[–] [email protected] 9 points 6 months ago (1 children)

sudo provides sudoedit or sudo -e which allows me to use vim with my user configuration btw

[–] [email protected] 4 points 6 months ago (1 children)

Just symlink your user config to root, nothing at all wrong with that.

load more comments (1 replies)
[–] [email protected] 5 points 6 months ago (15 children)

This just sounds like a bad idea, a solution in search of a problem. Sure, sudo is a setuid binary, but it's a fairly simple program, and at some point, you have to trust the code. It's also a very fundamental piece of the system that you want to always work, even (especially!) when other things get borked. The brief description of run0 already has too many potential points of failure.

[–] [email protected] 10 points 6 months ago (17 children)

sudo is a setuid binary, but it’s a fairly simple program

Some people would disagree to this.

The brief description of run0 already has too many potential points of failure.

If the "listener" is PID1, which will run the privileged command, in theory, it would be quite bullet proof (in a working system PID1 is always there). But since this is systemd, PID1 is much more than that and much more complex. On the other hand spawning another daemon from PID1 to be the "listener" makes it, perhaps, even more complicated. You'd have to make sure the listener is always running and have some process supervisor there to watch if it exits... and maybe even a watchdog polling it to make sure it isn't frozen.

So my conclusion is the same as yours:

a solution in search of a problem

We already have a working solution. Have a well written SUID program. I've been using doas for some years now. It's simple enough that I trust it.

load more comments (17 replies)
[–] [email protected] 8 points 6 months ago (1 children)

it took less than a day for someone to break run0 totally open, so basically, you have a choice between a well tested/debugged sudo and this new thing which may eventually mature

[–] [email protected] 7 points 6 months ago* (last edited 6 months ago) (2 children)

As far as I know, the exploit you are referring to, wasn't actually a vulnerability. https://youtu.be/awkoa_WxFIg?feature=shared&t=659 Although feel free to correct me on that one

load more comments (2 replies)
load more comments (13 replies)
[–] [email protected] 4 points 6 months ago (2 children)
load more comments (2 replies)
[–] [email protected] 3 points 6 months ago

I'm not systemd user, and I generally see this absorbing as much as possible as a terrible practice. I don't usually comment on systemd stuff, since I'm happy just not being forced to use it.

However, even though I don't use it, the decision of people managing systemd really affects non systemd users. See by succeeding in getting all major distros into become systemd distros (somehow now governed by RH, if anyone cares), everything systemd absorbs tend to leave alternatives sooner or later deprecated, or abandoned.

Even autofs is no longer part of some official repos, given systemd has its own auto mount/unmount functionality... And there are several other examples...

At any rate, hopefully the more bloated systemd, doesn't make it the more vulnerable. And also hopefully, doesn't make life worse and worse to non systemd distros and users...

BTW, before sudo there was su, so a life without sudo is possible, :)

[–] [email protected] 3 points 6 months ago

Never had an issue.

Might look for a replacement should an issue arise.

Been driving Linux since sarge.

load more comments
view more: ‹ prev next ›