Systemd v256 Introduces run0: A Safer Alternative to sudo

Lennart Poettering reveals run0 in systemd v256, a fresh take on secure privilege escalation, aiming to phase out traditional SUID binaries.

The sudo command is widely regarded as a fundamental tool in our everyday Linux operations, so much so that we almost take its presence for granted. But what if I told you that its days might well be numbered, and new versions of systemd may mark the beginning of its sunset? No, I’m not rambling. Here’s what it’s all about.

In his latest post, Lennart Poettering, the mastermind behind systemd, shares a thoughtful critique and robust replacement for the longstanding sudo command.

He argues that the core issue with sudo lies in its SUID nature, which allows a process to execute with elevated privileges partially controlled by unprivileged code, demanding meticulous manual cleanup—a recipe for potential security breaches.

“I personally think that the biggest problem with sudo is the fact it’s a SUID binary though – the big attack surface, the plugins, network access and so on that come after it it just make the key problem worse…”

In light of this, his vision for a more secure system involves completely eliminating SUID binaries, pushing for an architecture where privileged code operates independently of unprivileged interference.

“So, in my ideal world, we’d have an OS entirely without SUID. Let’s throw out the concept of SUID on the dump of UNIX’ bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful, manual clean-up is just not how security engineering should be done in 2024 anymore.”

Enter run0, systemd’s latest innovation slated for release in v256. It is not just a new tool but a reimagined systemd-run, accessible via a symlink, that mimics sudo without actually being an SUID binary.

It operates by requesting the service manager to execute commands under the target user’s UID, creating a new PTY (pseudoterminal), and transferring data between the original TTY and this PTY.

This setup ensures that the command executes in an isolated environment, freshly forked off from PID 1, without inheriting any problematic context from the client.

Moreover, run0 eschews traditional configuration complexities by utilizing polkit for authorization, streamlining user interactions, and further securing the execution process.

The tool also adds a touch of user-friendly flair: when operating with elevated privileges, it modifies the terminal background to a reddish hue, serving as a visual cue of one’s elevated status—a simple yet effective reminder to manage privileges responsibly.

In conclusion, one thing is certain—this will spark further debate within the Linux community. Another certainty is that systemd v256 is now 88% complete, with little left until its final stable release. And what will happen after that remains to be seen.

For detailed information, here is Poettering’s post.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%