SUDO Will be Protest Software

  • Published 29. 04. 2024
  • In the future of the systemd/Linux corporate dystopia: you will be shunned for using sudo instead of run0.

Comments • 41

  • @classicrockonly 1 month ago +6

    Info is slightly outdated: Lennart is a Microsoft employee now

    • @RealWaffles 1 month ago +3

      yeah ik, i posted a comment saying he works for microsoft now but because red hat directly contributes to and funds systemd it's still a project they oversee to some extent
      but it is really funny to think of microsoft backdooring linux by pushing run0

    • @classicrockonly 1 month ago

      @RealWaffles missed that comment :) yes, it’s really bizarre. And rather remarkable watching the Linux community shift from hating MS, to gorging themselves with MS software and loving it. At any rate, I’m more content over here in the BSD and Illumos family. But I still do run some Linux stuff

  • @SteveRowe 1 month ago +21

    When I was a lad, we used su and liked it!

    • @Toleich 1 month ago +5

      I still use su.
      I find the obsession with sudo in the debian based distros a little weird.

    • @classicrockonly 1 month ago +1

      We su’d up and down the hill both ways!

    • @dave7244 21 days ago

      @Toleich just easy isn't it

  • @kyu9649 1 month ago +9

    I like the uniformity that comes with systemD. However, I wouldn't be surprised if in the coming years we experience like 100 supply chain attacks via systemD.

    • @edwardcullen1739 1 month ago

      Yep.
      SystemD was a mistake.

    • @kyu9649 1 month ago +1

      @edwardcullen1739 Wouldn't say that. It definitely does some things right. But it does a bit too much I feel like.

    • @Lestibournes 1 month ago

      Smaller attack surface. 😇
      Single point of failure. 😱

    • @kyu9649 1 month ago

      @Lestibournes Yea it is kind of a balance act, that's hard to get right. You can argue, oh, it should only manage processes/services, that's what an init system is supposed to do. But naturally, things are very interconnected, processes also naturally need logging, networking, encryption related things and so on. So, you have two options: you leave the init system very small and make it only do one thing: init the system. That's good, as in you have small codebase/attack surface and separation of concerns. On the other hand, things tend to be more "duct-taped together", and interoperability between components becomes harder, and less consistent. You don't have uniformity. It's a battle u can't win, no matter how you do it.

    • @edwardcullen1739 1 month ago

      @kyu9649 Yes, it seduces with comprehensiveness, yet it introduces as many problems as it solves.
      Text logging that you can view with simple, existing, well-tested programs, replaced with special-purpose tools, that require developing new skills (and bugs) that were previously unnecessary, for what? What benefit do binary logs provide?
      When anyone serious is exporting them to an external system _anyway._
      This is just one example of the many wrong-headed decisions that permeate the SystemD ecosystem.
      The Linux/Unix way is different from the Windows or Mac way.
      I'm not one of these puritanical fuddy-duddies that says "everything is fine the way it was", because that's clearly wrong... But the way SystemD has gone about it is absolutely the wrong direction - Linux/Unix is attractive because it's _not_ Windows, _not_ Mac, so aping those systems is just not the way forward.
      Learn from them and re-interpret what they do in the Unix way, if their solutions are useful, this is what we should do.

  • @burlak3182 1 month ago +3

    I think the reason behind it is to move from SUID to something more modern. I don't really know the reasoning behind it, but I would guess one of the reasons might be to prepare for getting rid of SUID from linux in future, and utilize stuff that allows better rights management like policykit.

  • @23bcx 1 month ago +2

    If containerization worked how distro maintainers wanted it to we wouldn't even have a sudo alternative. They would just have you run anything you needed to run as root in its own container

  • @joringedamke5597 18 days ago

    I'm an average user; I don't look for trouble. Trouble is good at finding me.

  • @limpa756 1 month ago +8

    wtf happened to doas

    • @tacokoneko 1 month ago +2

      doas is default in openbsd. if you use openbsd it's still there as normal

    • @RealWaffles 1 month ago +7

      still usable on gentoo, too. that's what i use. doas removes a lot of the attack surface of sudo but poettering really doesn't like the SUID binary existing at all

  • @crism8868 1 month ago +4

    I wanna get off Mr. corpo Linux's wild ride

  • @dusxmt 1 month ago

    to be fair, sudo is a walking talking security vulnerability

  • @Chris-mr8ef 1 month ago

    Meanwhile i am using doas and i like it. Up until recently i was using systemd as well and i didn't mind it till i discovered some firewall deny logs triggered by a server trying to communicate with openDNS when it shouldn't. Made me wonder, what else is hard-coded in systemd that we don't know about. Now all my servers run freebsd and my arch desktop will either turn to freebsd as well or void/artix.

    • @RealWaffles 1 month ago +1

      i ended up using doas on gentoo and it's been good. i forget what other distro i used recently that had doas. but i noticed it wouldn't ask for password in that terminal session so i guess it's just in how it's configured

    • @jamesyoung151 1 month ago

      @RealWaffles Doas works just fine for my needs.

  • @LunaticEdit 1 month ago +1

    Linux would have more than 3% desktop computer market share if people would stop competing over dumb things like this. Is SUDO really the hill we want to die on?

  • @drxym 1 month ago

    Every time systemd comes up in an article the discussion erupts into ludicrous rants about how systemd works. It's bloated (it isn't), you can't log as text (you can), binary logs offer no benefits (they do), it does things for the sake of it (it doesn't), it is less safe than the alternatives (it isn't), that scripts are better (they aren't) and so on. I haven't looked at run0 but I suspect it will be in the same vein. Sudo is basically a PowerOfGod command so I could see how it could be abused and if a more granular command elevates some but not all privileges then this should be seen as a good thing. But as this is systemd reasonableness will fly out of the window. That is not to say that sudo isn't a very useful command and I doubt it will go anywhere, but maybe if a particular command needs particular privileges, then forcing people to execute it with PowerOfGod is not good either.

    • @RealWaffles 1 month ago

      i have good news, it's even worse than i thought it would be.
      the skinny is since it's a wrapper for systemd-run, it ships information between a user PTY and a root command, and runs every root command as a service
      that is kinda exploitable because you are now susceptible to root hijacking via that PTY. services are also on the system slice and can be easily read. this means you can query dbus and get sensitive information like API keys. a tool like reptyr which was used as an exploit tool on unix systems in the 90s can be used on systemd-run. and that's just 1 example.
      so kinda like i thought, it tries to fix 1 problem which was mostly fixed by doas and more issues in the process that were solved 20 years ago

  • @RealWaffles 1 month ago +4

    oh yeah i forgot poettering works for microsoft now, so i guess you're protesting microsoft too lol

  • @GCoda 1 month ago +1

    bsd got doas

    • @RealWaffles 1 month ago

      some distros like gentoo support it too, it's very nice

    • @classicrockonly 1 month ago

      Only OpenBSD does. The others have the same OpenDoas fork that Linux has

  • @w3w3w3 1 month ago

    I like Sudo

  • @LowLightRecovery 1 month ago +3

    dystopia is sweet

  • @georgewbush152 1 month ago

    app-admin/sudo cels seething at app-admin/doas chads