Idk

Systemd has always been about “don’t ask questions or well call you obstructionist and old”.

Looking at the implementation, it doesn’t really implement sudoers or tools like sudoedit in any way. systemd-run has already been an existing tool for quite some time and this is really just a different CLI for it. That tool asks systemd to make a temporary new service and immediately run it. That, in turn, requires blanket yes/no approval for org.freedesktop.systemd1.manage-units via polkit.

So with run0, you can either do everything or you can do nothing. In-betweens are just not a thing at the moment. There’s very little new backend code running as root.

run0 bash should behave very similar to something like systemd-run --uid=0 --gid=0 --wait --same-dir --send-sighup --pty --pipe --collect bash and the majority of those options have been available for quite a while.

sudo is overkill for most users tbh

invoking them is kind of a pain, my sole experience with it was meson/ninja using it but then that default was removed and I’ve never been able to put it back to satisfy my curiosity of how it’s done

The attack surface will be a systemd daemon running with UID=0 instead, because how else are you going to hand out root privileges?

So it doesn’t really change anything to the attack surface, it just moves it to a different location.

This is great. Not having the attack surface of sudo (and not even being a SUID binary) certainly are great additions.

And I hope people realize that systemd is not one large thing, but a (large) collection of tools.

XZ-utils rings a bell ? It was among others Debian wanting to pull in part of a systemd tool into openssh and that almost turned into a world wide disaster :(

Kinda feels like writing a script that implements the sudo CLI but calls pkexec would be an easier way to do it. Given that so many systems already come with both sudo and pkexec, do we really need yet another option?

I’ve had to scroll down eight pages to find a post that seems to actually address the good points raised in the article.

that systemd is not one large thing, but a (large) collection of tools.

Who don’t work without Systemd. And Systemd can’t coexist with tools in the same repo doing the same job in a portable way.

I think Chimera was it (?) which tried to have Systemd and Runit and others in the same repo. With lots of wrappers and shims. Not because of Runit & co.

I wonder if this is still true, now that he no longer works for RedHat, but Microsoft.

Why wouldn’t Fedora do that? Decisions are decided by multiple people, they are not forced through or just decided unilaterally by one person.

Enough people in Fedora try to improve the low level stuff. I’m looking forward to that homedir systemd stuff. Don’t care about this sudo alternative.

@Olap
I agree. As someone who uses systemd on daily basis (I use Arch, BTW 😄) I really like it, but I am a bit worried about it being a single point of attack. Maybe just push doas as default instead? I never used doas but I watched few videos about it, so I guess it’s fine and probably better than sudo (less bloated).
Just my few cents.

When does systemd stop?

“systemd announces a repleacement module for the kernel”

SystemD will consume the entirety of Linux, bit by bit.

• In 2032, SystemD announces they’re going to be introducing a new way to manage software on Linux
• In 2035, SystemD will announce they’re making a display system to replace the ageing Wayland
• In 2038, the SystemD team announces they’re making their own desktop environment
• In 2039 SystemD’s codebase has grown to sixteen times its size in the 2020s. SystemD’s announces they’re going to release replacements for most other packages and ship their own vanilla distro.
• In 2045 SystemD’s distro has become the standard Linux distribution. Most other distros have quietly faded away.
• In 2047, SystemD announces they’re going to incorporate most of GNU into SystemD. Outrage ensues from the Free Software Foundation, which vehemently opposes this move.
• In 2048, Richard Stallman dies of a heart attack after attempting to clone SystemD’s git repo. SystemD engages in a hostile takeover and all resistance within the FSF crumbles
• In 2050, SystemD buys the struggling RedHat from IBM for $61 million.
• In 2053, most world governments have been pressured into using SystemD.
• In 2054, Linus Torvalds, fearing for his life, begins negotiations to merge kernel development into SystemD
• In 2056, the final message on the Linux kernel development mailing list is sent.
• In 2058, Torvalds dies under suspicious circumstances after his brand-new laptop battery explodes.
• In 2060, SystemD agents assassinate the CEO of Microsoft.
• In 2063, after immense pressure from SystemD-controlled human rights organisations, Arch developers discontinue development.
• In 2064, the remaining living Debian developers release the next stable version of their clandestine and highly illegal distro.

By this logic the Linux kernel is also a single point of failure and attack vector.

sudo isn’t going away, so does doas. run0 is just another alternative to use or not.

There are still distribution out there without systemd and if there ever won’t be any systemd-free distributions left and systemd would become a critical part of the Linux ecosystem, then it would get the same treatment as the Linux kernel with many professional maintainers.

Systemd is a bit of a hassle to be rid off, but thankfully it’s not actually that hard, the hardest part I found was converting systemd services to whatever init system I use.

Gentoo, Slackware and Devuan can be used without svchost for linux.

They’ll only stop when they rebrand it to systemd OS.

It stopped being secret a couple of years ago.

This isn’t exactly a “new” attack surface, so removing the attack surface that sudo (and alternatives) is, is probably a net positive.

Gentoo LET’S GO

and Guix

Or you can use a doas implementation like OpenDoas, or maybe sudo-rs…

And there’s also doas which is a nice substitute.

I’m not a fan of having root be able to actually login.

Even more so in a true multiuser env where I would rather have privilege escalation be more granular (certain user/groups can esculate certain actions but not others, maybe even limit options of a cmd).

But systemd is modular. They make an offer and distro maintainers and admins get to choose which parts to use

systemd’s feature creep is only surpassed by that of emacs.

Tomorrow’s headline: emacs wants to expand to include a Sudo replacement

In theory it isn’t mandatory, in practice you will see a lot of distros replacing it.

It’s the same drama as with the home directory replacement they announced and that no-one ever used.

systemd is more of a set of products and software components branded under a single name rather than a single thing.
systemd itself is rather simple, as most other pieces systemd-* software, like systemd-boot, systemd-networkd and systemd-resolvd. these are usually more stable and less bloated than more popular alternatives

You can’t think of it a single massive project. It’s actually lots of small components.

We could argue the linux kernel is bloated too. The reality is though, provided the project is designed to be modular (as SystemD is), it actually makes sense to keep it together, to ensure there is a standard base and all the components are synchronised fully with their API’s.

It also saves distro’s a lot of effort.

Why have it do everything?

Isn’t the guy behind systemd a (former?) Microsoft employee? I feel as though that might offer a clue as to why the trajectory towards bloat.

I can understand that it makes it easier to add changes that would benefit systemd and distros in general. I read that they introduced run0 to solve long shortcomings of sudo (I’m not aware of which). That sounds logical.

I read the original mastodon post by the developer of run0 and I am still don’t understand what the problem with SUID is.

Whats an example of an attack that would work with sudo and doas (which also uses SUID) and not on run0?

Agreed, this is a nice inclusion. I also hate sudoers with a passion - I already use doas but it’s not standard (in the Linux world anyway), but with systemd providing an alternative means that it’ll become a standard which most distros would adopt, and I hope this means we can finally ditch the convoluted sudoers file once and for all.