
Systemd heads for a big round-number release


Posted May 16, 2024 22:20 UTC (Thu) by immibis (subscriber, #105511)
In reply to: Systemd heads for a big round-number release by anselm
Parent article: Systemd heads for a big round-number release

I disagree. The already-running binary has to be careful to replicate all of the environment that the setuid binary would inherit, or it creates its own set of bugs. Imagine the havoc if "rm /file" and "sudo rm /file" operate on two different files, because you are in a chroot or a mount namespace.



Systemd heads for a big round-number release

Posted May 16, 2024 22:39 UTC (Thu) by bluca (subscriber, #118303)

If you are in a chroot or a mount namespace you don't have access to the D-Bus system socket, so you can't run it in the first place. That's a good thing.

Systemd heads for a big round-number release

Posted May 16, 2024 22:40 UTC (Thu) by immibis (subscriber, #105511)

It would be difficult with a chroot, but normal for a mount namespace, to have access to that socket.

Systemd heads for a big round-number release

Posted May 17, 2024 11:36 UTC (Fri) by farnz (subscriber, #17727)

It's a tradeoff; run0 has to be careful to replicate enough of the environment that the setuid binary would inherit. setuid binaries have to be careful to not let the inherited environment affect behaviour in undesirable ways; imagine the havoc if rm and sudo rm loaded completely different "rm" binaries thanks to the dynamic linker misinterpreting the inherited environment in some way.

