Lennart Poettering presented a new utility called run0 during a recent event. It lets processes run under another user's identity and is positioned as a safer alternative to sudo. Implemented as a wrapper around the systemd-run command, run0 does not need an executable with the SUID bit set. It ships with systemd 256, currently at the release-candidate stage.
sudo's reliance on the SUID bit carries extra risk because the privileged process inherits its execution context from the caller, including properties that an unprivileged user controls. run0 avoids this by asking the service manager to start a shell or process under the requested user ID, allocating a new pseudo-terminal and forwarding data between it and the caller's terminal. The privileged process therefore starts in an isolated context rather than inheriting the caller's, which reduces the risks of the traditional sudo model.
Authorization and user permissions in run0 are handled by polkit rather than the classic /etc/sudoers rules used by sudo. The run0 command is a symbolic link to systemd-run and offers a command-line interface similar to sudo's. Notably, run0 signals elevated privilege visually: the terminal background turns reddish and a red dot appears in the window title, both disappearing once the privileged execution ends.
run0 also supports all systemd-run options, including setting arbitrary unit settings through the --property parameter. A user can, for example, apply CPUWeight=200, MemoryMax=2G or IPAccounting=yes to the program being run under run0.
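To make the context-inheritance point concrete, here is an added shell example (not from the article or from the systemd project) whose probes show which caller-controlled attributes cross a plain fork/exec boundary, which is what a SUID helper receives, and which prints the equivalent run0 invocation with the properties quoted above; the `run0_cmdline` helper is an assumed name for this illustration.

```sh
#!/bin/sh
# Added example: each probe starts a child with a caller-controlled attribute
# set and reports what the child actually observes. A SUID helper such as sudo
# is such a child; run0 instead has the service manager (PID 1) spawn the
# privileged process, so none of these attributes are taken from the caller.

# Environment variables are inherited verbatim.
child_env() {
  PROBE_VAR="set-by-caller" sh -c 'printf %s "$PROBE_VAR"'
}

# The file-creation mask (umask) is inherited.
child_umask() {
  ( umask 077; sh -c 'umask' )
}

# The working directory is inherited.
child_cwd() {
  ( cd / && sh -c 'pwd' )
}

# Open file descriptors are inherited unless marked close-on-exec.
child_fd() {
  ( exec 7</dev/null
    sh -c 'if cat <&7 2>/dev/null; then echo open; else echo closed; fi' )
}

# Resource limits are inherited (soft limit on open files lowered here).
child_nofile() {
  ( ulimit -S -n 64; sh -c 'ulimit -S -n' )
}

# Equivalent run0 invocation (assumed helper name): the attributes above come
# from the service manager's fresh context, and only the requested unit
# properties are applied. Values are the ones quoted in the article.
run0_cmdline() {
  printf '%s\n' "run0 --property=CPUWeight=200 --property=MemoryMax=2G --property=IPAccounting=yes $*"
}

if [ "${1:-}" = "demo" ]; then
  printf 'env:    %s\n' "$(child_env)"
  printf 'umask:  %s\n' "$(child_umask)"
  printf 'cwd:    %s\n' "$(child_cwd)"
  printf 'fd 7:   %s\n' "$(child_fd)"
  printf 'nofile: %s\n' "$(child_nofile)"
  run0_cmdline "$2"
fi
```

Run it as `sh probe.sh demo /usr/bin/true` to see every probe report the caller's value.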