- ancap shark ( @pipows@lemmy.today ) 125•5 months ago
What you’re referring to as Linux, is in fact, Systemd/Linux, or as I’ve recently taken to calling it, Systemd + Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning Systemd system made useful by the Systemd corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX
- sunbeam60 ( @sunbeam60@lemmy.one ) 23•5 months ago
🤣
- Jay🚩 ( @jaypatelani@lemmy.ml ) 4•5 months ago
Thanks to BSDs we have sane alternatives :)
- BlackEco ( @BlackEco@lemmy.blackeco.com ) 81•5 months ago
Soon we will have to call it GNU/systemd/Linux
- Emma_Gold_Man ( @Emma_Gold_Man@lemmy.dbzer0.com ) 39•5 months ago
Nah. Replacing the kernel is probably planned for the next point release - it’ll just be GNU/systemd
- Lexi Sneptaur ( @Sneptaur@pawb.social ) English36•5 months ago
Systemd makes life easy. It also makes Linux more teachable. I like accessibility and don’t even mind this
- lengau ( @lengau@midwest.social ) 2•5 months ago
I’m not on the systemd hate train by any means, but I don’t understand how this is any improvement over pkexec
- NekkoDroid ( @NekkoDroid@programming.dev ) 2•5 months ago
I don’t understand how this is any improvement over pkexec
That has the same problem as sudo: the SUID bit is set for it.
The fact that run0 uses polkit is more of a byproduct that this kinda authentication is already done with polkit all over the place in systemd. You can have individual subcommands accessible to different users (for example everyone can systemctl status, but systemctl reboot needs to be in the wheel group) which is why it’s generally used within systemd already. And it wouldn’t surprise me if again you can do it with this as well, limiting what commands can unconditionally run, need prompt or are completely blocked.
- pingveno ( @pingveno@lemmy.ml ) English1•5 months ago
I’m unclear from the documentation, does pkexec work under non-GUI contexts?
- lengau ( @lengau@midwest.social ) 3•5 months ago
As long as you have polkit setup to work in terminal sessions, yes. This is pretty standard these days, though not particularly widely used.
- mudle ( @mudle@lemmy.ml ) 1•5 months ago
Or as I’ve taken to calling it, GNU+systemd+Linux.
- dotslashme ( @dotslashme@infosec.pub ) English44•5 months ago
Not that I’m opposed to better sudo alternatives, but I find it rather ironic that one of the reasons stated is the large attack surface, considering systemd is a massive attack surface already.
- NekkoDroid ( @NekkoDroid@programming.dev ) 20•5 months ago
This isn’t exactly a “new” attack surface, so removing the attack surface that sudo (and alternatives) is, is probably a net positive.
- jkrtn ( @jkrtn@lemmy.ml ) 4•5 months ago
That attack surface is not vanishing. It would be relocating the same attack surface to something that might have an xz library in memory.
- NekkoDroid ( @NekkoDroid@programming.dev ) 3•5 months ago
- The attack surface is there either way, this is just functionality repackaged that existed already before (systemd-run, which is calling into PID1)
- all compression libraries (actually most libraries at this point) are dlopened on demand (which was planned even before the attack, which is speculated that the attack was accelerated in timeline because he was on a timer before the change was released)
- SuperSpruce ( @SuperSpruce@lemmy.zip ) 40•5 months ago
I’m no Linux expert, but I’ve never had any problems with sudo, it just works. Shouldn’t systemd have higher priorities on their mind? This feels like change for the sake of change. And if this does happen, I sincerely hope that it just works, like sudo.
- Kwdg ( @Kwdg@discuss.tchncs.de ) 25•5 months ago
I think the article (or more Lennart Poettering’s post) explains it quite nicely. The problem with sudo is that the sudo binary itself has the ability to gain elevated privileges, which is a potential attack surface
- 0x2d ( @0x2d@lemmy.ml ) 35•5 months ago
feature creep
- nifoc ( @nifoc@lemm.ee ) English33•5 months ago
This is great. Not having the attack surface of sudo (and not even being a SUID binary) certainly are great additions.
And I hope people realize that systemd is not one large thing, but a (large) collection of tools.
- DefederateLemmyMl ( @SpaceCadet@feddit.nl ) English25•5 months ago
The attack surface will be a systemd daemon running with UID=0 instead, because how else are you going to hand out root privileges?
So it doesn’t really change anything to the attack surface, it just moves it to a different location.
- Kwdg ( @Kwdg@discuss.tchncs.de ) 3•5 months ago
That already exists. systemd-run is already available today. So the attack surface would be smaller
- DefederateLemmyMl ( @SpaceCadet@feddit.nl ) English4•5 months ago
Not really, because you’re now going to make it do more, i.e. incorporate the functionality of sudo and expose it to user input. So unless you can prove that the newly written code is somehow inherently more secure than sudo’s existing code, the attack surface is exactly the same.
- MonkderDritte ( @MonkderDritte@feddit.de ) 15•5 months ago
that systemd is not one large thing, but a (large) collection of tools.
Who don’t work without Systemd. And Systemd can’t coexist with tools in the same repo doing the same job in a portable way.
I think Chimera was it (?) which tried to have Systemd and Runit and others in the same repo. With lots of wrappers and shims. Not because of Runit & co.
- lemmyreader ( @lemmyreader@lemmy.ml ) English3•5 months ago
Right. That reminds me of the time I was visiting a friend who had broken his Linux computer (No, not “apt-get remove --purge systemd” but they did something slightly similar). When I booted from a live Linux, used chroot and wanted to configure networking: FAIL because systemd was … not running. As he had no Internet because of his broken machine this caused some delays in fixing this but we got the job done eventually.
- lemmyreader ( @lemmyreader@lemmy.ml ) English9•5 months ago
This is great. Not having the attack surface of sudo (and not even being a SUID binary) certainly are great additions.
And I hope people realize that systemd is not one large thing, but a (large) collection of tools.
XZ-utils rings a bell ? It was among others Debian wanting to pull in part of a systemd tool into openssh and that almost turned into a world wide disaster :(
- boredsquirrel ( @boredsquirrel@slrpnk.net ) 7•5 months ago
I didn’t understand that sentence. Is that what you meant?
Among other things, Debian wanted to integrate a part of the systemd tools into openssh, which almost led to a worldwide catastrophe
xz is not part of systemd or openssh afaik.
- lemmyreader ( @lemmyreader@lemmy.ml ) English10•5 months ago
You didn’t follow the XZ-utils story ? The malicious actor worked for years on that XZ backdoor that targeted the fact that some Linux distributions were modifying their openssh package to enable systemd notifications.
- boredsquirrel ( @boredsquirrel@slrpnk.net ) 3•5 months ago
Ok true, it was a systemd dependent issue. But it only makes sense to have those notifications. The problem is dependency on small hardly maintained products, which systemd will improve by centralizing it.
- Macros ( @Macros@feddit.de ) 3•5 months ago
And where do maintainers for the new parts of systemd come from? The larger systemd grows the more parts of it will be neglected. Also in regard to people checking commits, opening up doors for exploits like the one in xz.
- boredsquirrel ( @boredsquirrel@slrpnk.net ) 1•5 months ago
I don’t know, but it for sure has pros and cons
- lemmyreader ( @lemmyreader@lemmy.ml ) English1•5 months ago
But it only makes sense to have those notifications.
Maybe in your mind it makes sense. Going for ease of use rather than security is not something that OpenBSD would quickly do. If you read some more about what “jwz” has to say about all the screensaver bugs in Linux, like here : https://www.jwz.org/blog/2021/01/i-told-you-so-2021-edition and realize what a mess that Linux maintainers are making again and again, and then have a look at Debian and their packaging of xscreensaver. Guess what ? Debian added some systemd thingie to xscreensaver. 🤯
I like Debian since a long time and I use it. But the tinkering of Debian package maintainers and always wanting to do things the Debian way is not something I am always very pleased with. Remember the OpenSSL Debian fiasco ? That shows a problem with Debian which may still exist. Too many packages, not enough maintainers with enough spare time, and no coherent team work of a security team.
- boredsquirrel ( @boredsquirrel@slrpnk.net ) 1•5 months ago
You are talking about Debian holding back random packages for stability. This is of course not very cool but it needs to be tested.
I am very much in favor of isolated app environments controlled by upstream devs, containerized and with a permission system. The system is made by the distro, and can be stable and very tested, and the apps are simply isolated and made by upstream.
There is no xscreensaver on Wayland and I think this will not come back?
- digdilem ( @digdilem@lemmy.ml ) 2•5 months ago
I’ve had to scroll down eight pages to find a post that seems to actually address the good points raised in the article.
- lengau ( @lengau@midwest.social ) 1•5 months ago
Kinda feels like writing a script that implements the sudo CLI but calls pkexec would be an easier way to do it. Given that so many systems already come with both sudo and pkexec, do we really need yet another option?
- chameleon ( @chameleon@kbin.social ) 3•5 months ago
The point of this is to implement some form of privilege escalation without the SUID mechanism. sudo, pkexec and doas are all SUID.
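An added example, not part of the thread or any commenter's code: a small POSIX shell audit of the property under discussion here, whether an escalation helper carries the SUID bit. The function names are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): which escalation helpers are SUID?

# suid_state FILE: print "suid", "no-suid" or "missing".
# test -u follows symlinks, so a helper installed as a symlink is judged
# by the binary it points at.
suid_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then
        echo suid
    else
        echo no-suid
    fi
}

# check_helpers NAME...: resolve each name in PATH and print "name state".
check_helpers() {
    for name in "$@"; do
        path=$(command -v "$name" 2>/dev/null) || path=
        if [ -n "$path" ]; then
            echo "$name $(suid_state "$path")"
        else
            echo "$name missing"
        fi
    done
}

# list_suid DIR: print every regular file under DIR with the SUID bit set,
# sorted, one per line. -xdev keeps the scan on one filesystem.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Report on the helpers named in this thread as found on the local system.
check_helpers sudo pkexec doas run0
```

Running `list_suid /usr/bin` gives the full inventory of SUID binaries to review, of which the helpers above are usually only a part.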
- vsis ( @vsis@feddit.cl ) English31•5 months ago
Oh, it’s gonna use polkit. Sudo bloat is a grain of sand compared to polkit.
Why do people want to replace sudo with polkit? Visudo is nowhere near as obscure as configuring polkit.
I hope distro maintainers don’t follow this.
- lengau ( @lengau@midwest.social ) 7•5 months ago
…is pkexec not good enough already as a polkit based sudo replacement? Why would one need to systemd-ify that?
- john89 ( @john89@lemmy.ca ) 3•5 months ago
First thing I do with any new desktop installation is disable polkit prompts.
Fuck having to enter my password every time I want to do something.
- caseyweederman ( @caseyweederman@lemmy.ca ) 1•5 months ago
Hey uh can I get your IP address real quick? I have a strong suspicion your philosophy extends to your network ports.
- john89 ( @john89@lemmy.ca ) 1•5 months ago
You’d be wrong about that.
Edit: he just downvotes me instead of admitting he’s wrong about his assumption, lol.
- voxel ( @vox@sopuli.xyz ) 2•5 months ago
I just treat polkit as “set it and forget” kind of thing and leave it on defaults, I’d rather spend my time on something more important
- gandalf_der_12te ( @gandalf_der_12te@discuss.tchncs.de ) 28•5 months ago
I honestly started out not liking systemd at all, mostly due to the reports that it did waaay too much, but nowadays, I like the concept.
It is basically officially moving daemon management from a script-based approach to a table/database-based approach. That improves static analyzability, therefore increasing clarity, and probably even performance.
I agree that we should abandon scripts and move towards declarative software management, and abandoning sudo for a more declarative system seems like a good step to me.
- sabreW4K3 ( @sabreW4K3@lazysoci.al ) 28•5 months ago
Surprised people aren’t moaning about systemd being too big already and still wanting to do more.
- macniel ( @DmMacniel@feddit.de ) 20•5 months ago
It’s too big!
- sabreW4K3 ( @sabreW4K3@lazysoci.al ) 5•5 months ago
😂
- TGhost [She/Her] ( @TGhost@lemmy.ml ) 6•5 months ago
SPoF !!! Ahhhhh we all dead
- bloodfart ( @bloodfart@lemmy.ml ) 28•5 months ago
Systemdeez nuts
- henfredemars ( @henfredemars@infosec.pub ) English2•5 months ago
Gentleman and scholar
- onlinepersona ( @onlinepersona@programming.dev ) English26•5 months ago
There’s a rewrite of sudo happening in rust, but he wants to throw out the SUID idea altogether?
when invoked under the “run0” name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it’s not in fact SUID. Instead it just asks the service manager to invoke a command or shell under the target user’s UID. It allocates a new PTY for that, and then shovels data back and forth from the originating TTY and this PTY.
That sounds like opening up the door to what windows is doing UAC and the wonderful vulnerability that the GOG Launcher had for privilege escalation.
I’m not a security researcher, but giving arbitrary users the ability to tell PID 1 to run a binary of the user’s choosing is… probably not what Poettering is suggesting, but opens up to such vulnerabilities. And if it’s written in C/C++ my trust is further reduced.
- barsoap ( @barsoap@lemm.ee ) 4•5 months ago
Giving users access to PID1 running binaries, giving users access to the kernel running binaries as root, I don’t see much difference. SUID was notorious in the past for being leaky, it only ended when distros got serious about fencing use of it in, giving it only to programs actually needing it, making sure that they drop privilege properly, etc.
If anything I’m in the PID1 camp because it’s more microkernely. But in any case broader userspace shouldn’t really care about the mechanism, only have an API to do it and that API being a bit in the file permissions is soooo 1960s.
- ulkesh ( @ulkesh@beehaw.org ) English2•5 months ago
And if it’s written in C/C++ my trust is further reduced.
Do you trust Linux? Because if so, have I got news for you.
- shirro ( @shirro@aussie.zone ) English2•5 months ago
Wait until they hear the language used to implement OpenBSD. Imagine being one of the authors of seL4 encountering a member of the rust cult.
- BlanK0 ( @BlanK0@lemmy.ml ) 23•5 months ago
The meme is becoming a reality. Systemd really is going to try to be everything lmao
- corsicanguppy ( @corsicanguppy@lemmy.ca ) 17•5 months ago
AlwaysHasBeen.jpg
- Jears ( @jeremias@social.jears.at ) 20•5 months ago
So I don’t even use systemd myself, I run OpenRC. Yet honestly I find the idea quite intriguing, having the service manager (PID 1) invoke the command seems like a cool idea to me.
It’s not really a sudo alternative as much as it is another way of doing something similar.
- MonkderDritte ( @MonkderDritte@feddit.de ) 19•5 months ago
I’m not surprised. Not surprised at all. (scope creep)
- drwankingstein ( @drwankingstein@lemmy.dbzer0.com ) English17•5 months ago
This is why people don’t like systemd…
- Shareni ( @Shareni@programming.dev ) 5•5 months ago
Systemd monolith - worst thing to have ever happened to Linux
Wayland monolith - best thing to have ever happened to Linux
- d_k_bo ( @d_k_bo@feddit.de ) 18•5 months ago
Wayland monolith
There seems to be a misunderstanding about what Wayland is.
Wayland is a set of protocols. They are implemented by wayland servers (compositors) and wayland clients (applications) themselves. There is no single “wayland binary” like in the X11 days. Servers or clients may choose to implement or not implement a specific protocol.
- Shareni ( @Shareni@programming.dev ) 6•5 months ago
Sure, but that doesn’t change the fact that Wayland compositors are forced to be inflexible monoliths that need to be so tightly integrated into a DE that they can’t be replaced.
Edit: I’ve just learned that it’s not forced, but that every compositor used by popular DEs is an inflexible monolith by choice.
In xorg the server, wm, and compositor all do their own thing and can be replaced trivially. It took me like 5 minutes to replace xfwm4 with i3, and that included the research.
- LainTrain ( @LainTrain@lemmy.dbzer0.com ) 6•5 months ago
They’re also all shit and dysfunctional as hell. Xorg forever. Systemd good too.
X11 is a protocol too. Xorg is the binary you are talking about
- NekkoDroid ( @NekkoDroid@programming.dev ) 2•5 months ago
I think what they meant is that there are people that think: “Wayland is too fragmented, there should be 1 ‘Wayland Compositor’ and the rest should be window managers”
- Shareni ( @Shareni@programming.dev ) 9•5 months ago
Nope, I meant that the wayland compositors are inflexible monoliths that are so tightly integrated into a DE that they can’t be replaced. Xorg might be bloated, but it follows the UNIX philosophy closely enough that each part of the stack above xorg can be trivially replaced.
- NekkoDroid ( @NekkoDroid@programming.dev ) 6•5 months ago
I guess my interpretation was too charitable.
Nothing in the protocol prevents you from splitting the server from the window manager, just everyone implementing the wayland server protocol didn’t see any benefit in splitting it out.
- Shareni ( @Shareni@programming.dev ) 1•5 months ago
Thanks I didn’t know that. Arcan seems to have kept WM’s separate.
- drwankingstein ( @drwankingstein@lemmy.dbzer0.com ) English5•5 months ago
I think wayland has potential but in its current state it’s just half baked. Once more protocols get merged, maybe in a decade’s time Wayland should be quite flexible and robust.
- Shareni ( @Shareni@programming.dev ) 3•5 months ago
That’s how I feel as well. IMO it’s ridiculous that Fedora wants to remove xorg completely from the repos in the next version.