Subject: Yet Another New systemd Feature
From: ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Groups: comp.os.linux.misc
Date: 06. May 2024, 01:17:04
Organisation: A noiseless patient Spider
Message-ID: <v1941f$24d4m$1@dont-email.me>
User-Agent: Pan/0.155 (Kherson; fc5a80b8)
Lennart Poettering wants to get rid of sudo now, and replace it with a
new systemd feature called “run0”
<https://itwire.com/business-it-news/open-source/poettering-announces-tool-in-new-systemd-version-to-replace-sudo.html>.
It is hard to write code that runs setuid, and sudo has had quite a
few security vulnerabilities over the years. So Poettering’s idea is
to replace the setuid executable with another use of the existing
PolicyKit system.
Interesting that Poettering thinks we should get rid of the whole idea
of setuid altogether. AT&T actually got a patent on the concept, back
in the early days of Unix. Other OSes had the concept of privileged
code, but what made setuid different is that any user can set this
mode on any executable they create, and when other users run this
executable (if they are allowed to), they temporarily get the
permissions of the owning user.
On Linux, this concept was always constrained a bit: I think it only
works on compiled machine-code executables, not on interpreted
scripts.
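As an added illustration of that last point (this is example code, not from the post or the linked article): a small POSIX shell audit that walks a directory tree, lists every file carrying the setuid bit, and classifies each as a native ELF executable (where the kernel honours the bit) or an interpreter script (where Linux ignores it, so the bit is dead configuration worth cleaning up). The function names and the default tree to scan are my own choices.

```shell
#!/bin/sh
# Added example, not code from the post. Audit a directory tree for files
# with the setuid bit and classify each one by its first bytes. On Linux the
# kernel only applies setuid to native executables (ELF magic 7f 45 4c 46);
# on a "#!" interpreter script the bit is ignored, so such a file is at best
# a misconfiguration that should have the bit removed.

# classify_setuid DIR
# Prints one line per setuid regular file under DIR: "<elf|script|other> <path>"
classify_setuid() {
    # -perm -4000: the setuid bit is set, whatever the other mode bits are
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        # First four bytes as lowercase hex, spaces and newlines stripped
        hex=$(head -c 4 "$f" 2>/dev/null | od -An -tx1 | tr -d ' \n')
        case "$hex" in
            7f454c46) kind=elf ;;     # ELF executable: setuid is effective
            2321*)    kind=script ;;  # "#!" script: setuid is ignored on Linux
            *)        kind=other ;;   # anything else (data, a.out, etc.)
        esac
        printf '%s %s\n' "$kind" "$f"
    done
}

# setuid_scripts DIR
# Prints only the paths of setuid files that are interpreter scripts, i.e.
# the ones whose setuid bit does nothing and should be cleared.
setuid_scripts() {
    classify_setuid "$1" | sed -n 's/^script //p'
}

# Typical use: classify_setuid /usr      (full listing of setuid files)
#              setuid_scripts /usr       (only the dead setuid bits)
```

Run `classify_setuid` against a real tree such as `/usr` to see the list of native setuid helpers on the system; `setuid_scripts` should normally print nothing.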