Systemd plans to replace sudo with run0


systemd is the init system of most Linux distributions. It provides a system and service manager that runs as PID 1, starts the rest of the system and its services, and keeps track of them.

Linux users are familiar with the sudo command. It gives root or otherwise more privileged access to less-privileged users. There are many security issues in using sudo. Normal unprivileged users get more access rights within their own user context. sudo uses a large SUID binary, and the process can be exploited once its privileges are escalated. SUID behaves strangely: an unprivileged user invokes code that runs with more access rights, yet that code inherits the caller's execution context and can still be controlled by unprivileged code. The execution context has more access rights, and it can be easily exploited.

To address this issue, OpenBSD uses doas. It just executes a command on behalf of another user. It tries to reduce the attack surface, but overall it is also a SUID binary.

To overcome this issue, systemd creator Lennart Poettering announced a plan to use a new command-line tool called run0, which is a symlink to the existing systemd-run command. It is similar to sudo, but it does not use a SUID binary. It just asks the service manager to invoke a command in the context of the target user. It allocates a new PTY for that, and then transfers data back and forth between the originating TTY and this PTY. Authorization is managed via Polkit. These changes are available as part of release v256-rc1. It is currently a release candidate, and in the near future we can expect this change to be available in our Linux distros.
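To see the difference described above on a given host, the following added example (not code from systemd or from this article) reports, for sudo, doas and run0, whether the binary carries the SUID bit and what a symlink resolves to. The function names are hypothetical, and `readlink -f` is assumed to be available, as it is on typical Linux systems.

```shell
#!/bin/sh
# Added example: classify privilege-elevation tools by how they gain privilege.
# Per the article, sudo and doas should show "setuid"; run0 should show
# "no-setuid" and resolve to systemd-run.

# Print "setuid" if the file (symlinks followed) has the SUID bit,
# "no-setuid" if it exists without it, "missing" if it does not exist.
suid_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then
        echo setuid
    else
        echo no-setuid
    fi
}

# Print the basename of a symlink's final target; print nothing for non-links.
link_target() {
    [ -L "$1" ] && basename "$(readlink -f "$1")"
    return 0
}

# Report on one tool name, looked up on PATH.
audit_tool() {
    tool_path=$(command -v "$1" 2>/dev/null) || {
        printf '%-6s not installed\n' "$1"
        return 0
    }
    target=$(link_target "$tool_path")
    printf '%-6s %-22s %-10s %s\n' "$1" "$tool_path" \
        "$(suid_status "$tool_path")" "${target:+-> $target}"
}

# Audit the three tools the article compares.
audit_all() {
    for tool in sudo doas run0; do
        audit_tool "$tool"
    done
}

audit_all
```

On a host with systemd older than v256, run0 is reported as not installed.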

Editorial Team

About author
This article is published by our editorial team.