@tylerknowsnothing @nixCraft run0 is a new privilege escalation util provided by systemd.
Both run0 and sudo are for running commands with administrator privileges.
The question being asked is essentially: which util will you use, and which name will you use to reference it?
@codeDude @tylerknowsnothing @nixCraft
sudo is a setuid binary. run0 doesn't use setuid.
setuid allows the caller command to run as another user's uid, usually root.
sudo basically takes your command and tries to run it as the user with minimal privileges necessary to complete the action.
@codeDude @tylerknowsnothing @nixCraft The main security problem with `sudo` is that it will pass a lot of environment context to the environment with escalated privileges.
e.g. the root env will need the user `$PATH` to find the binary.
That context can be hijacked to do dangerous stuff when executed as root.
`sudo` also has a lot of config, e.g. plugins, sudoers, etc., which makes for a big attack surface under setuid.
@codeDude @tylerknowsnothing @nixCraft `run0` is basically a symlink to `systemd-run`, which basically starts a oneshot systemd service that executes your command under the appropriate user.
None of this uses setuid, and the environment carried over is minimal, so it has less room for malicious or destructive behavior to be introduced.
@codeDude @tylerknowsnothing @nixCraft run0 access control is managed w/ `PolicyKit` instead of `sudoers`, which is a format specific to `sudo`.
Using `polkit` might also allow integrating w/ your desktop for the auth prompt, so you can have GNOME surface its UI & dim the rest of the desktop underneath. i.e. Windows' `run as administrator`.
This should make it harder for a fake UI keylogger to sit in between you & the password entry dialog like: `alias sudo='keylogger-fake-prompt | sudo'`
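
The alias quoted in the post above, turned into a defensive check (an added example, not part of the thread): it scans shell startup files for aliases or functions that shadow a privilege-escalation command. The command list, the function names `scan_shadowing` and `demo`, and the sample rc file are assumptions constructed for this example.

```shell
#!/bin/sh
# Flag shell startup lines that shadow a privilege-escalation command with an
# alias or function, the pattern of the alias quoted in the thread.

# Commands to protect. This list is an assumption of the example.
PRIV_CMDS='sudo|run0|su|doas|pkexec'

# scan_shadowing FILE...
# Prints "file:line:text" for every suspicious definition.
# Exit status 0 means something was found; non-zero means nothing matched.
scan_shadowing() {
    n="($PRIV_CMDS)"
    s='[[:space:]]'
    # /dev/null as an extra operand makes grep always print the file name.
    grep -nE \
        -e "^$s*alias$s+(.*$s)?$n=" \
        -e "^$s*(function$s+)?$n$s*\(\)" \
        -e "^$s*function$s+$n($s|[{]|\$)" \
        "$@" /dev/null 2>/dev/null
}

# Runs the scan over a constructed sample rc file (not taken from a real
# system) and prints "line:text" for each hit.
demo() {
    rc=$(mktemp) || return 1
    cat >"$rc" <<'EOF'
export EDITOR=vim
alias ll='ls -l'
alias sudo='keylogger-fake-prompt | sudo'
# alias run0='commented out, must not match'
function pkexec { /tmp/x "$@"; }
doas() { command doas "$@"; }
EOF
    scan_shadowing "$rc" | sed "s|^$rc:||"
    rm -f "$rc"
}

# With arguments, scan those files; without, run the constructed demo.
if [ "$#" -gt 0 ]; then scan_shadowing "$@"; else demo; fi
```

Every hit is a line to review by hand, since a wrapper such as a colour or logging alias can be legitimate. The scan only reads the files it is given, so definitions pulled in from other sourced files are not seen.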

@codeDude @tylerknowsnothing @nixCraft I keep using them because they keep working better than their non-rust predecessors.
Made me understand why people stan rust so hard, learning it even more so.