226
submitted 6 months ago by petsoi@discuss.tchncs.de to c/linux@lemmy.ml
top 50 comments
sorted by: hot top controversial new old
[-] furzegulo@lemmy.dbzer0.com 83 points 6 months ago

i'm fine with this nor do i have a problem with systemd in genereal

[-] Dracocide@lemm.ee 37 points 6 months ago

I never understood the hate, tbh. A lot of users don't even care if Sysd is used, as long as it works. So... Since the majority of distros use it... I think it works enough.

[-] Grangle1@lemm.ee 21 points 6 months ago

It seems to me to be mainly from people who are dedicated to the Unix philosophy that programs should do only one thing, and do it well. Tying everything up into systemd doesn't follow that. I don't care either, and I don't mind systemd, but some people care about it enough to throw paragraphs of hate on it wherever it's mentioned online. And apparently it's "bloat", and to some " bloat" is worse than the devil himself.

[-] Max_P@lemmy.max-p.me 32 points 6 months ago* (last edited 6 months ago)

If you dig deeper into systemd, it's not all that far off the Unix philosophy either. Some people seem to think the entirety of systemd runs as PID1, but it really only spawns and tracks processes. Most systemd components are separate processes that focus on their own thing, like journald and log management. It's kinda nice that they all work very similarly, it makes for a nice clean integrated experience.

Because it all lives in one repo doesn't mean it makes one big fat binary that runs as PID1 and does everything.

[-] optissima@lemmy.world 13 points 6 months ago* (last edited 6 months ago)

This is what turned me around: investigating and realizing that it is following the unix philosophy, it's just under the hood (under the other hood inside the bigger under the hood).

load more comments (2 replies)
load more comments (2 replies)
[-] gaael@lemmy.world 71 points 6 months ago

The article talks about sudo and doas being SUID binaries and having a larger attack surface than run0 would. Could someone ELI5 what this means?

[-] Max_P@lemmy.max-p.me 220 points 6 months ago

Basically, the SUID bit makes a program get the permissions of the owner when executed. If you set /bin/bash as SUID, suddenly every bash shell would be a root shell, kind of. Processes on Linux have a real user ID, an effective user ID, and also a saved user ID that can be used to temporarily drop privileges and gain them back again later.

So tools like sudo and doas use this mechanism to temporarily become root, then run checks to make sure you're allowed to use sudo, then run your command. But that process is still in your user's session and process group, and you're still its real user ID. If anything goes wrong between sudo being root and checking permissions, that can lead to a root shell when you weren't supposed to, and you have a root exploit. Sudo is entirely responsible for cleaning the environment before launching the child process so that it's safe.

Run0/systemd-run acts more like an API client. The client, running as your user, asks systemd to create a process and give you its inputs and outputs, which then creates it on your behalf on a clean process tree completely separate from your user session's process tree and group. The client never ever gets permissions, never has to check for the permissions, it's systemd that does over D-Bus through PolKit which are both isolated and unprivileged services. So there's no dangerous code running anywhere to exploit to gain privileges. And it makes run0 very non-special and boring in the process, it really does practically nothing. Want to make your own in Python? You can, safely and quite easily. Any app can easily integrate sudo functionnality fairly safely, and it'll even trigger the DE's elevated permission prompt, which is a separate process so you can grant sudo access to an app without it being able to know about your password.

Run0 takes care of interpreting what you want to do, D-Bus passes the message around, PolKit adds its stamp of approval to it, systemd takes care of spawning of the process and only the spawning of the process. Every bit does its job in isolation from the others so it's hard to exploit.

[-] KISSmyOSFeddit@lemmy.world 45 points 6 months ago
[-] Drusenija@lemmy.world 107 points 6 months ago

(I'll attempt this based on my understanding of both)

Pouring a cup of juice is something an adult needs to be involved with.

sudo is when you ask for permission to pour your own cup of juice. You ask an adult, they give you the cup and the juice, and then you're responsible for pouring it. If the adult isn't paying attention they may leave the fridge open for you to go back for more juice or another beverage, but otherwise you're limited to the amount of juice the adult has given you.

run0 is when the adult just gets you a cup of juice. You tell them what you want, they go and pour the juice, and just give you the cup with the juice in it. You never enter the kitchen, so you don't have access to the fridge, just your cup of juice.

[-] KISSmyOSFeddit@lemmy.world 34 points 6 months ago

This is an extremely good explanation.

load more comments (4 replies)
[-] Max_P@lemmy.max-p.me 34 points 6 months ago

Some executables are special. When you run them, they automagically run as root instead! But if sudo isn't very, very careful, you can trick it into letting you run things as root that you shouldn't be able to.

Run0 DM's systemd asking it to go fork a process as root for you, and serves as the middleman between you and the other process.

load more comments (1 replies)
[-] BaalInvoker@lemmy.eco.br 36 points 6 months ago

Dude, you need a prize for this comment. Very well explained!

[-] NuclearDolphin@lemmy.ml 20 points 6 months ago

Sounds good in theory.

But I've had so many issues with D-Bus fucking shit up on my systems that I'd be very reluctant to hinge my only way of recovering from failures upon something so brittle.

Granted, D-Bus hasn't given me any trouble since moving to NixOS. The hell of trying to recover my arch systems from a perpetually failing D-Bus would make me very apprehensive to adopt this. I could see myself using run0 by default, but keeping sudo-rs or doas around with a much stricter configuration as a failsafe until the run0 + D-Bus + PolKit is absolutely stable and bulletproof.

load more comments (2 replies)
[-] Blisterexe@lemmy.zip 14 points 6 months ago

Thank you, i didnt really understand what this was about ubtil now

load more comments (5 replies)
[-] Para_lyzed@lemmy.world 23 points 6 months ago* (last edited 6 months ago)

SUID stands for Set User ID. An SUID binary is a file that is always run with the UID of the owner user (almost always root). Note that this does not require that the user running them has root permissions, the UID is always changed. For instance, the ping command needs to set up network sockets, which requires root permissions, but is also often used by non-root users to check their network connections. Instead of having to sudo ping, any normal user is able to just run ping, as it uses SUID to run as the root user. sudo and doas also require functions that necessitate them running as root, and so if you can find out how to exploit these commands to run some arbitrary code without having to authenticate (since authentication happens after the binary has started running), there is a potential for vulnerabilities. Specifically, there is the privilege escalation, which is one of the most severe types of vulnerabilities.

run0 starts using systemd-run, which does not use SUID. Instead, it runs with the permissions of the current user, and then authenticates to the root user after the binary has already started to run. systemd-run contacts polkit for authentication, and if it succeeds, it creates a root PTY (pseudo-terminal/virtual terminal), and sends information between your session and the root PTY. So this means that in order to achieve privilege escalation with run0 as root, you have to actually authenticate first, removing the "before authentication" attack surface of sudo and doas.

TL;DR SUID binaries will always run as the owner (usually root), even before any form of authentication. run0 will start with the permissions of the current user, and then authenticate before running anything with root permissions.

load more comments (3 replies)
[-] m4@kbin.social 52 points 6 months ago

Coming up: systemd-antivirusd

[-] bruhduh@lemmy.world 27 points 6 months ago* (last edited 6 months ago)

Hear me out, breathes in, "Linux defender"

[-] twei@discuss.tchncs.de 12 points 6 months ago

Linux Defender for Torvalds365

load more comments (1 replies)
load more comments (2 replies)
[-] jaypatelani@lemmy.ml 49 points 6 months ago

SystemD looks to replace Linux kernel with kern0

[-] laurelraven@lemmy.blahaj.zone 20 points 6 months ago

I’d just like to interject for a moment. What you’re referring to as Linux, is in fact, SystemD/Linux, or as I’ve recently taken to calling it, SystemD plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning SystemD system made useful by the SystemD corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the SystemD system every day, without realizing it. Through a peculiar turn of events, the version of SystemD which is widely used today is often called Linux, and many of its users are not aware that it is basically the SystemD system, developed by the SystemD Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the SystemD operating system: the whole system is basically SystemD with Linux added, or SystemD/Linux. All the so-called Linux distributions are really distributions of SystemD/Linux!

load more comments (1 replies)
[-] neutron@thelemmy.club 11 points 6 months ago

So we'll have to say GNU/Linux/SystemD soon?

load more comments (2 replies)
[-] arran4@aussie.zone 48 points 6 months ago

Sounds reasonable. But I don't like the 0 in the name.

load more comments (1 replies)
[-] yozul@beehaw.org 45 points 6 months ago

This is fine, but why does everything need to be part of Systemd? Like, seriously, why can't this just be an independent project? Why must everything be tied into this one knot of interdependent programs, and what's going to happen to all of them when the people who are passionate about it and actually understand all the stupid ways they interrelate move on with their lives? Are we looking at the formation of the next Xorg? Will everybody being scrambling to undo all of this in another 20 years when we all realize it's become an unmaintainable mess?

[-] melmi@lemmy.blahaj.zone 33 points 6 months ago* (last edited 6 months ago)

Systemd does a lot of things that could probably be separate projects, but run0 is an example of something that benefits from being a part of systemd. It ties directly into the existing service manager to spawn new processes.

load more comments (9 replies)
[-] LeFantome@programming.dev 24 points 6 months ago

It seems a fairly explicit goal of systemd to redefine Linux as a unified platform rather than as a kernel that can run any one of many implementations of many different services. I assume this is not just the systemd lead but also a goal of Red Hat.

Personally, while I am ok with systemd defining itself as a single source for all this functionality, I hate that they are taking away ( or making it hard at least ) to have independent implementations of these services.

What Chinera is doing with dinit and turnstile is really interesting. It would be nice to have feature comparable approaches to the systemd monolith that distributions could choose from.

load more comments (1 replies)
load more comments (2 replies)
[-] eugenia@lemmy.ml 35 points 6 months ago

I personally don't have a problem with run0 over sudo, however, I don't want to have to remember to use a different command on the terminal. Just rename it "sudo", and do the new stuff with it. Just don't bother me having to remember new commands.

[-] technom@programming.dev 16 points 6 months ago* (last edited 6 months ago)

You can uninstall the sudo application and add sudo as an alias for run0 in your shell initialization script. That's better than them renaming run0 to sudo, because that will prevent people from running the real sudo if they want it.

load more comments (1 replies)
[-] jeremyparker@programming.dev 32 points 6 months ago* (last edited 6 months ago)

Me: Oh, I get it, this "Lemmy" website -- it's like The Onion but for nerds?

My fellow lemmings: No, they're serious. run0 is real.

Me: Hah. The Onion, but for nerds! I love it.

[-] Fizz@lemmy.nz 29 points 6 months ago

Sounds good. It's a win win. People that doesn't like the system d implementation can use doas or keep sudo. I Hate the name though. Run0 is dumb can't they just steal the name doas

[-] loops@beehaw.org 30 points 6 months ago

I'll just use an alias; sudo has been around for to long for me to change it and not be stressed about it.

[-] codapine@lemm.ee 28 points 6 months ago

Reminds me of when I aliased 'man' to 'rtfm'

load more comments (11 replies)
[-] Para_lyzed@lemmy.world 23 points 6 months ago* (last edited 6 months ago)

Well, since doas has a Linux implementation, stealing that name would cause lots of issues to users who already use it or want to use doas instead of run0. This will be a default part of systemd; not a new package. The reason it's called run0 is because it's just a symbolic link to systemd-run, and instead of executing as an SUID binary, like sudo or doas, it runs using the current user's UID.

[-] pipows@lemmy.today 29 points 6 months ago

Will this be an integral part of systemd, or will they release it as a separate thing? I mean, if I like it, but I'm not using systemd (I do use it, but I'm just thinking about it), could I use this run0 (horrible name) without having to buy into all of systemd?

[-] brunacho@scribe.disroot.org 32 points 6 months ago

it's just a link to systemd-run which is a part of systemd, i doubt it works separately.

but, if you use s6 as an alternative init system, s6-sudo is a somewhat equivalent aproach to how run0 works (instead of systemd-run it calls s6-ipcclient)

[-] Heavybell@lemmy.world 13 points 6 months ago

The article says it works by messaging systemd to run the process as the given user, rather than being a SUID binary. So it wouldn't work without systemd.

load more comments (2 replies)
[-] penquin@lemmy.kde.social 19 points 6 months ago

Lol. Right after Microsoft added sudo to windows.

[-] tabular@lemmy.world 38 points 6 months ago

That wasn't the "sudo", MS just named something else "sudo".

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 09 May 2024
226 points (95.6% liked)

Linux

48335 readers
1328 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS