#run0 — Public Fediverse posts

While #NixOS should not be affected by #CopyFail as it uses recent kernels, here are additional fixes you can apply:

Disabling setuid does not mitigate it, but reduces the attack surfaces overall significantly.

Instead of #sudo, #su, #pkexec and other #setuid binaries you can use #run0 or a dedicated root account.

I have disabled setuid for a bunch of binaries I don't need, they still work when ran as root, with run0 or #sudo-rs.

```nix
boot.blacklistedKernelModules = [
"algif_aead"
];

security.sudo.enable = false;

security.wrappers = {
su.enable = false;
pkexec.enable = false;

# example setuid binary
chsh = {
source = "${pkgs.shadow}/bin/chsh";
setuid = lib.mkForce false;
owner = "root";
group = "root";
};
};
```

While #NixOS should not be affected by #CopyFail as it uses recent kernels, here are additional fixes you can apply:

Disabling setuid does not mitigate it, but reduces the attack surfaces overall significantly.

Instead of #sudo, #su, #pkexec and other #setuid binaries you can use #run0 or a dedicated root account.

I have disabled setuid for a bunch of binaries I don't need, they still work when ran as root, with run0 or #sudo-rs.

```nix
boot.blacklistedKernelModules = [
"algif_aead"
];

security.sudo.enable = false;

security.wrappers = {
su.enable = false;
pkexec.enable = false;

# example setuid binary
chsh = {
source = "${pkgs.shadow}/bin/chsh";
setuid = lib.mkForce false;
owner = "root";
group = "root";
};
};
```

While #NixOS should not be affected by #CopyFail as it uses recent kernels, here are additional fixes you can apply:

Disabling setuid does not mitigate it, but reduces the attack surfaces overall significantly.

Instead of #sudo, #su, #pkexec and other #setuid binaries you can use #run0 or a dedicated root account.

I have disabled setuid for a bunch of binaries I don't need, they still work when ran as root, with run0 or #sudo-rs.

```nix
boot.blacklistedKernelModules = [
"algif_aead"
];

security.sudo.enable = false;

security.wrappers = {
su.enable = false;
pkexec.enable = false;

# example setuid binary
chsh = {
source = "${pkgs.shadow}/bin/chsh";
setuid = lib.mkForce false;
owner = "root";
group = "root";
};
};
```

While #NixOS should not be affected by #CopyFail as it uses recent kernels, here are additional fixes you can apply:

Disabling setuid does not mitigate it, but reduces the attack surfaces overall significantly.

Instead of #sudo, #su, #pkexec and other #setuid binaries you can use #run0 or a dedicated root account.

I have disabled setuid for a bunch of binaries I don't need, they still work when ran as root, with run0 or #sudo-rs.

```nix
boot.blacklistedKernelModules = [
"algif_aead"
];

security.sudo.enable = false;

security.wrappers = {
su.enable = false;
pkexec.enable = false;

# example setuid binary
chsh = {
source = "${pkgs.shadow}/bin/chsh";
setuid = lib.mkForce false;
owner = "root";
group = "root";
};
};
```

While #NixOS should not be affected by #CopyFail as it uses recent kernels, here are additional fixes you can apply:

Disabling setuid does not mitigate it, but reduces the attack surfaces overall significantly.

Instead of #sudo, #su, #pkexec and other #setuid binaries you can use #run0 or a dedicated root account.

I have disabled setuid for a bunch of binaries I don't need, they still work when ran as root, with run0 or #sudo-rs.

```nix
boot.blacklistedKernelModules = [
"algif_aead"
];

security.sudo.enable = false;

security.wrappers = {
su.enable = false;
pkexec.enable = false;

# example setuid binary
chsh = {
source = "${pkgs.shadow}/bin/chsh";
setuid = lib.mkForce false;
owner = "root";
group = "root";
};
};
```

This week's Cockpit release adds a systemd/polkit-based superuser authentication (think `run0`) as a fallback when sudo is not available/broken. It also finally removes the long-deprecated pam_cockpit_cert module.

https://cockpit-project.org/blog/cockpit-355.html

#cockpit #release #run0

This week's Cockpit release adds a systemd/polkit-based superuser authentication (think `run0`) as a fallback when sudo is not available/broken. It also finally removes the long-deprecated pam_cockpit_cert module.

https://cockpit-project.org/blog/cockpit-355.html

#cockpit #release #run0

This week's Cockpit release adds a systemd/polkit-based superuser authentication (think `run0`) as a fallback when sudo is not available/broken. It also finally removes the long-deprecated pam_cockpit_cert module.

https://cockpit-project.org/blog/cockpit-355.html

#cockpit #release #run0

This week's Cockpit release adds a systemd/polkit-based superuser authentication (think `run0`) as a fallback when sudo is not available/broken. It also finally removes the long-deprecated pam_cockpit_cert module.

https://cockpit-project.org/blog/cockpit-355.html

#cockpit #release #run0

This week's Cockpit release adds a systemd/polkit-based superuser authentication (think `run0`) as a fallback when sudo is not available/broken. It also finally removes the long-deprecated pam_cockpit_cert module.

https://cockpit-project.org/blog/cockpit-355.html

#cockpit #release #run0

Dumb thought (putting it here so that I don't forget :P)

does run0 allow to switch to nobody for non root users?

Using "sudo su - nobody -s /bin/sh" is kinda a bit annoying :p

#sudo #su #nobody #Linux #run0

Dumb thought (putting it here so that I don't forget :P)

does run0 allow to switch to nobody for non root users?

Using "sudo su - nobody -s /bin/sh" is kinda a bit annoying :p

#sudo #su #nobody #Linux #run0

Dumb thought (putting it here so that I don't forget :P)

does run0 allow to switch to nobody for non root users?

Using "sudo su - nobody -s /bin/sh" is kinda a bit annoying :p

#sudo #su #nobody #Linux #run0

Dumb thought (putting it here so that I don't forget :P)

does run0 allow to switch to nobody for non root users?

Using "sudo su - nobody -s /bin/sh" is kinda a bit annoying :p

#sudo #su #nobody #Linux #run0

Dumb thought (putting it here so that I don't forget :P)

does run0 allow to switch to nobody for non root users?

Using "sudo su - nobody -s /bin/sh" is kinda a bit annoying :p

#sudo #su #nobody #Linux #run0

engang for hundre år siden, da jeg først begynte med #Linux, så var liksom ikke #sudo en greie. Og så ble det det, og en del av oss himlet litt med øynene av "sudo su" og sånt, men så ble det etter hvert ganske vanlig.

Men mellom det @pid_eins har skravlet om rundt #run0, og @trifectatech sin #sudors, så er det kanskje på tide å gå tilbake til å ikke ha vanilla sudo på maskina igjen?

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

engang for hundre år siden, da jeg først begynte med #Linux, så var liksom ikke #sudo en greie. Og så ble det det, og en del av oss himlet litt med øynene av "sudo su" og sånt, men så ble det etter hvert ganske vanlig.

Men mellom det @pid_eins har skravlet om rundt #run0, og @trifectatech sin #sudors, så er det kanskje på tide å gå tilbake til å ikke ha vanilla sudo på maskina igjen?

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

engang for hundre år siden, da jeg først begynte med #Linux, så var liksom ikke #sudo en greie. Og så ble det det, og en del av oss himlet litt med øynene av "sudo su" og sånt, men så ble det etter hvert ganske vanlig.

Men mellom det @pid_eins har skravlet om rundt #run0, og @trifectatech sin #sudors, så er det kanskje på tide å gå tilbake til å ikke ha vanilla sudo på maskina igjen?

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

engang for hundre år siden, da jeg først begynte med #Linux, så var liksom ikke #sudo en greie. Og så ble det det, og en del av oss himlet litt med øynene av "sudo su" og sånt, men så ble det etter hvert ganske vanlig.

Men mellom det @pid_eins har skravlet om rundt #run0, og @trifectatech sin #sudors, så er det kanskje på tide å gå tilbake til å ikke ha vanilla sudo på maskina igjen?

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

engang for hundre år siden, da jeg først begynte med #Linux, så var liksom ikke #sudo en greie. Og så ble det det, og en del av oss himlet litt med øynene av "sudo su" og sånt, men så ble det etter hvert ganske vanlig.

Men mellom det @pid_eins har skravlet om rundt #run0, og @trifectatech sin #sudors, så er det kanskje på tide å gå tilbake til å ikke ha vanilla sudo på maskina igjen?

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

The one thing that makes systemd run0 annoying to use is that it'll ask you every time for the password. With sudo you have this 10 minutes where it won't ask again.

I know the technical reasons, but still this drives me back to sudo.

#systemd #run0 #sudo #Linux

The one thing that makes systemd run0 annoying to use is that it'll ask you every time for the password. With sudo you have this 10 minutes where it won't ask again.

I know the technical reasons, but still this drives me back to sudo.

#systemd #run0 #sudo #Linux

The one thing that makes systemd run0 annoying to use is that it'll ask you every time for the password. With sudo you have this 10 minutes where it won't ask again.

I know the technical reasons, but still this drives me back to sudo.

#systemd #run0 #sudo #Linux

The one thing that makes systemd run0 annoying to use is that it'll ask you every time for the password. With sudo you have this 10 minutes where it won't ask again.

I know the technical reasons, but still this drives me back to sudo.

#systemd #run0 #sudo #Linux

The one thing that makes systemd run0 annoying to use is that it'll ask you every time for the password. With sudo you have this 10 minutes where it won't ask again.

I know the technical reasons, but still this drives me back to sudo.

#systemd #run0 #sudo #Linux

How to Use #Run0 in #Linux

https://www.maketecheasier.com/how-to-use-run0-in-linux/

How to Use #Run0 in #Linux

https://www.maketecheasier.com/how-to-use-run0-in-linux/

How to Use #Run0 in #Linux

https://www.maketecheasier.com/how-to-use-run0-in-linux/

How to Use #Run0 in #Linux

https://www.maketecheasier.com/how-to-use-run0-in-linux/

How to Use #Run0 in #Linux

https://www.maketecheasier.com/how-to-use-run0-in-linux/

#run0

Ist es möglich, run0 als eine Alternative zu sudo zu nutzen?

Die Antwort findet ihr unseren Blogbeitrag:
https://www.credativ.de/blog/credativ-inside/run0-als-sudo-alternative/

#credativ #NetApp #run0 #sudo #Debian

Ist es möglich, run0 als eine Alternative zu sudo zu nutzen?

Die Antwort findet ihr unseren Blogbeitrag:
https://www.credativ.de/blog/credativ-inside/run0-als-sudo-alternative/

#credativ #NetApp #run0 #sudo #Debian

Ist es möglich, run0 als eine Alternative zu sudo zu nutzen?

Die Antwort findet ihr unseren Blogbeitrag:
https://www.credativ.de/blog/credativ-inside/run0-als-sudo-alternative/

#credativ #NetApp #run0 #sudo #Debian

Ist es möglich, run0 als eine Alternative zu sudo zu nutzen?

Die Antwort findet ihr unseren Blogbeitrag:
https://www.credativ.de/blog/credativ-inside/run0-als-sudo-alternative/

#credativ #NetApp #run0 #sudo #Debian

Discover run0 for Linux, a passwordless command execution tool. Learn its similarities and differences with sudo, security analysis, installation, and usage for daily tasks and automation.

https://linuxexpert.org/understanding-run0/

#Linux #LinuxTools #run0 #sudo #SystemAdministration #LinuxCommands #LinuxTips #RootAccess #PasswordlessCommands #Automation #Security #LinuxTutorial #TechTips #AdminTools #ITSecurity #OpenSource #LinuxLearning #DevOps #SysAdmin #LinuxCommunity

Discover run0 for Linux, a passwordless command execution tool. Learn its similarities and differences with sudo, security analysis, installation, and usage for daily tasks and automation.

https://linuxexpert.org/understanding-run0/

#Linux #LinuxTools #run0 #sudo #SystemAdministration #LinuxCommands #LinuxTips #RootAccess #PasswordlessCommands #Automation #Security #LinuxTutorial #TechTips #AdminTools #ITSecurity #OpenSource #LinuxLearning #DevOps #SysAdmin #LinuxCommunity

Discover run0 for Linux, a passwordless command execution tool. Learn its similarities and differences with sudo, security analysis, installation, and usage for daily tasks and automation.

https://linuxexpert.org/understanding-run0/

#Linux #LinuxTools #run0 #sudo #SystemAdministration #LinuxCommands #LinuxTips #RootAccess #PasswordlessCommands #Automation #Security #LinuxTutorial #TechTips #AdminTools #ITSecurity #OpenSource #LinuxLearning #DevOps #SysAdmin #LinuxCommunity

Discover run0 for Linux, a passwordless command execution tool. Learn its similarities and differences with sudo, security analysis, installation, and usage for daily tasks and automation.

https://linuxexpert.org/understanding-run0/

#Linux #LinuxTools #run0 #sudo #SystemAdministration #LinuxCommands #LinuxTips #RootAccess #PasswordlessCommands #Automation #Security #LinuxTutorial #TechTips #AdminTools #ITSecurity #OpenSource #LinuxLearning #DevOps #SysAdmin #LinuxCommunity

Discover run0 for Linux, a passwordless command execution tool. Learn its similarities and differences with sudo, security analysis, installation, and usage for daily tasks and automation.

https://linuxexpert.org/understanding-run0/

#Linux #LinuxTools #run0 #sudo #SystemAdministration #LinuxCommands #LinuxTips #RootAccess #PasswordlessCommands #Automation #Security #LinuxTutorial #TechTips #AdminTools #ITSecurity #OpenSource #LinuxLearning #DevOps #SysAdmin #LinuxCommunity

Just updated #paru to use #run0 instead of sudo on #ArchLinux. Easy peasy. 👍
https://chaos.social/@frederic/112847141891035302

Just updated #paru to use #run0 instead of sudo on #ArchLinux. Easy peasy. 👍
https://chaos.social/@frederic/112847141891035302

Just updated #paru to use #run0 instead of sudo on #ArchLinux. Easy peasy. 👍
https://chaos.social/@frederic/112847141891035302

Just updated #paru to use #run0 instead of sudo on #ArchLinux. Easy peasy. 👍
https://chaos.social/@frederic/112847141891035302

Just updated #paru to use #run0 instead of sudo on #ArchLinux. Easy peasy. 👍
https://chaos.social/@frederic/112847141891035302

@shuLhan @cazabon Well, based on my experiences with #journald as a #syslog_ng guy, my expectation is that around 5-10 years of security nightmares are about to come with #run0:

https://www.syslog-ng.com/community/b/blog/posts/systemd-journald-vs-syslog-ng

Yes, a decade later after journald arrived, I have no problem recommending it. But the first 7-8 years were catastrophic both for users and developers.

@shuLhan @cazabon Well, based on my experiences with #journald as a #syslog_ng guy, my expectation is that around 5-10 years of security nightmares are about to come with #run0:

https://www.syslog-ng.com/community/b/blog/posts/systemd-journald-vs-syslog-ng

Yes, a decade later after journald arrived, I have no problem recommending it. But the first 7-8 years were catastrophic both for users and developers.

@shuLhan @cazabon Well, based on my experiences with #journald as a #syslog_ng guy, my expectation is that around 5-10 years of security nightmares are about to come with #run0:

https://www.syslog-ng.com/community/b/blog/posts/systemd-journald-vs-syslog-ng

Yes, a decade later after journald arrived, I have no problem recommending it. But the first 7-8 years were catastrophic both for users and developers.

@shuLhan @cazabon Well, based on my experiences with #journald as a #syslog_ng guy, my expectation is that around 5-10 years of security nightmares are about to come with #run0:

https://www.syslog-ng.com/community/b/blog/posts/systemd-journald-vs-syslog-ng

Yes, a decade later after journald arrived, I have no problem recommending it. But the first 7-8 years were catastrophic both for users and developers.

@shuLhan @cazabon Well, based on my experiences with #journald as a #syslog_ng guy, my expectation is that around 5-10 years of security nightmares are about to come with #run0:

https://www.syslog-ng.com/community/b/blog/posts/systemd-journald-vs-syslog-ng

Yes, a decade later after journald arrived, I have no problem recommending it. But the first 7-8 years were catastrophic both for users and developers.