by ranger207 414 days ago
Given that Ubuntu uses systemd like the vast majority of Linux systems nowadays, how does sudo-rs differ from run0?
4 comments

You might not have a systemd instance inside a container, but you still might want to switch user IDs there.
Podman has systemd inside; you can run0 in it.
Surely that depends on the container? Podman doesn't artificially inject a systemd process as PID 1 by default.
Not all containers are on podman
The Lennart post about it explains it: https://mastodon.social/@pid_eins/112353324518585654

He was comparing to "normal" sudo, but sudo-rs has the same problems he highlighted anyway.

sudo-rs uses setuid.

run0 does not (and instead relies on systemd).

---

To answer your next question: setuid, while historic, is a bit weird, and is disabled in some environments, e.g. NoNewPrivileges.
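A small check for the point made above, added here as an example and not part of the thread: the kernel reports the no_new_privs bit (set by prctl(PR_SET_NO_NEW_PRIVS) or systemd's NoNewPrivileges=yes) in /proc/self/status, and when it is set, execve ignores the setuid bit, so a setuid helper such as sudo-rs cannot gain root from that process. The /proc/self/status sample below is constructed; the function names are my own.

```python
import os
import stat
from typing import Optional

# Constructed sample of the relevant lines of /proc/<pid>/status for a shell
# started under NoNewPrivileges=yes (hypothetical values).
SAMPLE_STATUS = (
    "Name:\tbash\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "NoNewPrivs:\t1\n"
    "Seccomp:\t0\n"
)


def parse_no_new_privs(status_text: str) -> bool:
    """Return True if the 'NoNewPrivs:' field in a /proc status dump is 1."""
    for line in status_text.splitlines():
        if line.startswith("NoNewPrivs:"):
            return line.split(":", 1)[1].strip() == "1"
    # Kernels that predate the field cannot have the bit set.
    return False


def setuid_root_from_stat(st_mode: int, st_uid: int) -> bool:
    """True when the mode carries the set-user-ID bit and the owner is uid 0."""
    return st_uid == 0 and bool(st_mode & stat.S_ISUID)


def is_setuid_root(path: str) -> bool:
    st = os.stat(path)
    return setuid_root_from_stat(st.st_mode, st.st_uid)


def setuid_helper_would_elevate(path: str, status_text: Optional[str] = None) -> str:
    """Explain whether exec'ing `path` from this process could gain root via setuid.

    status_text defaults to the calling process's own /proc/self/status."""
    if status_text is None:
        with open("/proc/self/status") as f:
            status_text = f.read()
    if not is_setuid_root(path):
        return "no: not a setuid-root binary"
    if parse_no_new_privs(status_text):
        return "no: NoNewPrivs is set, execve will not honor the setuid bit"
    return "yes: setuid bit would be honored on execve"


if __name__ == "__main__":
    print(setuid_helper_would_elevate("/usr/bin/sudo"))
```

Run it inside a unit with NoNewPrivileges=yes (or under `setpriv --no-new-privs`) and the second branch fires regardless of the binary's mode bits.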

sudo-rs doesn’t gratuitously require a root privilege daemon that regularly ships filesystem destruction and remote unauthenticated arbitrary code execution bugs.

If your bar is “I’ll tolerate such crap”, you may as well run your desktop session as root.

If sudo does this, as you imply, why do Linux systems still exist that are not part of a botnet?
The implication is that systemd does this, not sudo.
Nice technical argument, did Lennart bite you while you were sleeping?