2024-05-09 09:26:37
Systemd‘s lead developer, Lennart Poettering, published in Mastodon about their upcoming v256 version of Systemd, which is expect it to include a sudo replacement called “run0 “. The developer talks about the weaknesses of sudo and how it has a large possible attack surface. For example, sudo supports network access, LDAP configurations, other types of plugins, and much more. But most importantly, its SUID binary provides a great attack service according to Lennart: “Personally I think the biggest problem with sudo is the fact that it is a SUID binary: the large attack surface, the plugins, the access to the network, etc. come later, they only make the key problem worse, but they are not in themselves the main problem with SUDO processes, they are foreign concepts: they are invoked by unprivileged code and inherit the execution context intended and controlled by the unprivileged code. privileges. I’m referring to the large number of properties that a process has in Linux today, from environment variables, process scheduling properties, cgroup assignments, security contexts, passed file descriptors, etc.
Lennart Poettering says that sudo is a decades-old Unix concept, and that there should be a better privilege escalation system by 2024 security standards: “So in my ideal world, we would have a completely SUID-less operating system. Let’s throw out the SUID concept in the UNIX bad ideas dump An execution context for privileged code that is half under the control of unprivileged code and needs careful manual cleanup is no longer the way cleanup should be done. security engineering in 2024.” […]
He also mentioned that there will be more features in run0 that are not only related to the security backend, such as: “The tool is also much more fun to use than sudo. For example, by default, it dyes your terminal background in a shade reddish while you are operating with elevated privileges. This is supposed to act as a friendly reminder that you have not yet relinquished the privileges and marks the exit of all commands that were executed with the appropriate privileges. It also inserts a red dot (unicode ftw. ) in the window title while operating with privileges and release it afterwards.”
#Systemd #announces #sudo #run0 #alternative