Speaking as a member of the Security Engineering team: lots of concerns, including no time to have done a deep security audit on this. Any new privilege escalation mechanism really needs a full security audit. Running user tasks with root capabilities has had issues in the past, and if done wrong could still cause issues. Doing it via systemd isn't magic and has its own set of issues, different from the SUID environment that sudo has to deal with.

(1) run0 is not a sudo drop-in replacement; a user already goes out of their way to use run0 instead of sudo. From a security PoV this doesn't really matter. If it is available, it's an alternate privilege escalation point that needs to be evaluated on its own.

(2) --empower is not the default mode of operation; a user has to take the explicit step of adding the flag to the command line. Again, from a security standpoint this doesn't really matter. If it is available, it has to be evaluated as if the user could have used it.

I am not saying run0 has to be pulled from 26.04, just that we need to have someone dedicate some proper time to it.

--
https://bugs.launchpad.net/bugs/2132177
Title: Please disable the run0 --empower feature

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
