Basically the way sudo and doas work is that they turn your current session into a privileged one, then run the command, then put your session back the way it was, this can cause security issues.
The way run0 works is that it just asks systemd to do it for you, removing those security risks.
At least thats the way I understand it, im not an expert
Sudo is a setuid binary, which means it executes with root permissions as a child of of the calling process. This technically works, but gives the untrusted process a lot of ways to mess with sudo and potentially exploit it for unauthorized access.
Run0 works by having a system service always running in the background as root. Running a command just sends a message to the already running seevice. This leaves a lot less room for exploits.
I don’t know enough about IT security to understand this.
Does that mean that run0 puts programs in some form of sandbox? What’s the difference now to sudo?
Basically the way sudo and doas work is that they turn your current session into a privileged one, then run the command, then put your session back the way it was, this can cause security issues. The way run0 works is that it just asks systemd to do it for you, removing those security risks.
At least thats the way I understand it, im not an expert
Sudo is a setuid binary, which means it executes with root permissions as a child of of the calling process. This technically works, but gives the untrusted process a lot of ways to mess with sudo and potentially exploit it for unauthorized access.
Run0 works by having a system service always running in the background as root. Running a command just sends a message to the already running seevice. This leaves a lot less room for exploits.