• homura1650
    link
    fedilink
    arrow-up
    3
    ·
    6 months ago

    Sudo is a setuid binary, which means it executes with root permissions as a child of of the calling process. This technically works, but gives the untrusted process a lot of ways to mess with sudo and potentially exploit it for unauthorized access.

    Run0 works by having a system service always running in the background as root. Running a command just sends a message to the already running seevice. This leaves a lot less room for exploits.