226
submitted 6 months ago by petsoi@discuss.tchncs.de to c/linux@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] gaael@lemmy.world 71 points 6 months ago

The article talks about sudo and doas being SUID binaries and having a larger attack surface than run0 would. Could someone ELI5 what this means?

[-] Max_P@lemmy.max-p.me 220 points 6 months ago

Basically, the SUID bit makes a program get the permissions of the owner when executed. If you set /bin/bash as SUID, suddenly every bash shell would be a root shell, kind of. Processes on Linux have a real user ID, an effective user ID, and also a saved user ID that can be used to temporarily drop privileges and gain them back again later.

So tools like sudo and doas use this mechanism to temporarily become root, then run checks to make sure you're allowed to use sudo, then run your command. But that process is still in your user's session and process group, and you're still its real user ID. If anything goes wrong between sudo being root and checking permissions, that can lead to a root shell when you weren't supposed to, and you have a root exploit. Sudo is entirely responsible for cleaning the environment before launching the child process so that it's safe.

Run0/systemd-run acts more like an API client. The client, running as your user, asks systemd to create a process and give you its inputs and outputs, which then creates it on your behalf on a clean process tree completely separate from your user session's process tree and group. The client never ever gets permissions, never has to check for the permissions, it's systemd that does over D-Bus through PolKit which are both isolated and unprivileged services. So there's no dangerous code running anywhere to exploit to gain privileges. And it makes run0 very non-special and boring in the process, it really does practically nothing. Want to make your own in Python? You can, safely and quite easily. Any app can easily integrate sudo functionnality fairly safely, and it'll even trigger the DE's elevated permission prompt, which is a separate process so you can grant sudo access to an app without it being able to know about your password.

Run0 takes care of interpreting what you want to do, D-Bus passes the message around, PolKit adds its stamp of approval to it, systemd takes care of spawning of the process and only the spawning of the process. Every bit does its job in isolation from the others so it's hard to exploit.

[-] KISSmyOSFeddit@lemmy.world 45 points 6 months ago
[-] Drusenija@lemmy.world 107 points 6 months ago

(I'll attempt this based on my understanding of both)

Pouring a cup of juice is something an adult needs to be involved with.

sudo is when you ask for permission to pour your own cup of juice. You ask an adult, they give you the cup and the juice, and then you're responsible for pouring it. If the adult isn't paying attention they may leave the fridge open for you to go back for more juice or another beverage, but otherwise you're limited to the amount of juice the adult has given you.

run0 is when the adult just gets you a cup of juice. You tell them what you want, they go and pour the juice, and just give you the cup with the juice in it. You never enter the kitchen, so you don't have access to the fridge, just your cup of juice.

[-] KISSmyOSFeddit@lemmy.world 34 points 6 months ago

This is an extremely good explanation.

[-] caseyweederman@lemmy.ca 2 points 6 months ago
[-] magnor@lemmy.magnor.ovh 19 points 6 months ago

Gagagoogoo Gagaga

[-] vrighter@discuss.tchncs.de 11 points 6 months ago

when in need, cry out for mommy!

[-] Drusenija@lemmy.world 6 points 6 months ago

caseyweederman is not in the sudoers file. This incident will be reported.

load more comments (5 replies)
load more comments (15 replies)
load more comments (19 replies)
this post was submitted on 09 May 2024
226 points (95.6% liked)

Linux

48182 readers
1119 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS