Open Source

38012 readers

121 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]

133

systemd Rolling Out "run0" As sudo Alternative (www.phoronix.com)

submitted 1 year ago by [email protected] to c/[email protected]

29 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 65 points 1 year ago (9 children)

But with one key difference: it's *not* in fact SUID. Instead it just asks the service manager to invoke a command or shell under the target user's UID. It allocates a new PTY for that, and then shovels data back and forth from the originating TTY and this PTY. Or in other words: the target command is invoked in an isolated exec context, freshly forked off PID 1, without inheriting any context from the client (well, admittedly, we *do* propagate $TERM, but that's an explicit exception, i.e. allowlist rather than denylist).

[–] [email protected] 6 points 1 year ago (2 children)

So none of my environment variables come with? 😐

[–] intrepid 6 points 1 year ago

Sudo also blocks almost all environment variables, with the option to set or copy them on demand. I assume that run0 will have similar facilities to propagate variables on demand.

PS: This is my technical understanding. Personally, I don't like systemd eating up all the other utilities.

load more comments (1 replies)

load more comments (7 replies)