Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/pid_eins/statuses/112353388561456436">Lennart Poettering (pid_eins@mastodon.social)'s status on Tuesday, 30-Apr-2024 21:57:18 JST</a><a href="https://mastodon.social/@pid_eins" title="pid_eins@mastodon.social"><img src="https://gnusocial.jp/avatar/92094-48-20230126121211.webp" width="48" height="48" alt="Lennart Poettering" style="position: absolute; left: 0; top: 0;">Lennart Poettering</a><div><a href="https://mastodon.social/@pid_eins/112353379708741872" rel="in-reply-to">in reply to</a></div></section><article><p>… manual clean-up is just not how security engineering should be done in 2024 anymore.</p><p>With systemd v256 we are going one step towards this. There's a new tool in systemd, called "run0". Or actually, it's not a new tool, it's actually the long existing tool "systemd-run", but when invoked under the "run0" name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it's *not* in fact SUID. Instead it just asks the service manager to invoke a command or shell under…</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3017156#notice-5989775">In conversation</a><time datetime="2024-04-30T21:57:18+09:00" title="Tuesday, 30-Apr-2024 21:57:18 JST">about 7 months ago</time> <span>from <span><a href="https://mastodon.social/@pid_eins/112353388561456436" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@pid_eins/112353388561456436">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Lennart Poettering (pid_eins@mastodon.social)'s status on Tuesday, 30-Apr-2024 21:57:18 JST Lennart Poettering
in reply to
… manual clean-up is just not how security engineering should be done in 2024 anymore.
With systemd v256 we are going one step towards this. There's a new tool in systemd, called "run0". Or actually, it's not a new tool, it's actually the long existing tool "systemd-run", but when invoked under the "run0" name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it's *not* in fact SUID. Instead it just asks the service manager to invoke a command or shell under…
In conversationabout 7 months ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice