{"id":16103405,"url":"https://github.com/ytvwld/ele","last_synced_at":"2026-01-06T10:35:58.219Z","repository":{"id":229368801,"uuid":"776553804","full_name":"YtvwlD/ele","owner":"YtvwlD","description":"ele spawns elevated processes.","archived":false,"fork":false,"pushed_at":"2024-09-25T15:47:49.000Z","size":50,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-10T06:07:52.710Z","etag":null,"topics":["dbus","polkit","pty","sudo"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/YtvwlD.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-23T20:29:31.000Z","updated_at":"2024-09-25T15:47:52.000Z","dependencies_parsed_at":"2024-03-27T13:45:47.722Z","dependency_job_id":"faa5f125-cafa-474e-86c7-5de2ed5863ad","html_url":"https://github.com/YtvwlD/ele","commit_stats":null,"previous_names":["ytvwld/up","ytvwld/ele"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YtvwlD%2Fele","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YtvwlD%2Fele/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YtvwlD%2Fele/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YtvwlD%2Fele/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/YtvwlD","download_url":"https://codeload.github.com/YtvwlD/ele/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246135699,"owners_count":20729055,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dbus","polkit","pty","sudo"],"created_at":"2024-10-09T18:56:55.288Z","updated_at":"2026-01-06T10:35:58.169Z","avatar_url":"https://github.com/YtvwlD.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ele\n\n**Please use [run0](https://www.freedesktop.org/software/systemd/man/devel/run0.html) instead.**\n\nele spawns elevated processes. To make this work, there are two pieces:\n\n## ele\n\n`ele` is a command line application. You can call it the way you might expect:\n\n```sh\n$ ele id\nuid=0(root) gid=0(root) groups=0(root)\n```\n\nAt least for non-interactive applications.\n\nFor applications that need access to the terminal (like a shell), use `-i`:\n\n```sh\n$ ele --interactive bash\nroot@localhost:~/dev/rust/ele#\n```\n\n## eled\n\nThis is the daemon that actually spawns the processes. Currently, it has to be\nrunning (you can archieve this with a systemd unit) to be able to react to\nrequests; dbus activation is a work in progress.\n\n## Why?\n\n`sudo` and `su` spawn elevated processes without needing a long-running\nsystem-wide daemon. They also handle the terminal way better.\n\nSo why use ele?\n\nele doesn't need to be setuid root to work. Instead, there's a daemon running\nas root (eled) which spawns the elevated processes and passes over the file\ndescriptors of the applications. Authentication is done via polkit,\ndbus is used as the transport. This design is inspired by\n[su on LineageOS](https://github.com/LineageOS/android_system_extras_su).\n\nWhy is this any better? Isn't this just more complicated?\n\n`su` and `sudo` being setuid means that the authentication prompt itself is\nrunning as root. This makes them (a bit) vulnerable against attacks because\nthe environment can't really be controlled.\nSee [CVE-2023-6246](https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt)\nfor a recent vulnerability in this fashion.\n\n[`sudo-rs`](https://github.com/memorysafety/sudo-rs) is an improvement because\nit's (hopefully) not affected by such memory corruption shenanigans,\nbut still, setuid itself poses some risk.\n\n[polkit](https://github.com/polkit-org/polkit) provides fine-grained access\ncontrol and many setuid binaries can probably be replaced with a combination of\nclient and daemon, connected via dbus and polkit.\nInterestingly, `pkexec` just uses polkit for authentication -- the binary itself\nis setuid.\n\nsystemd's [run0](https://www.freedesktop.org/software/systemd/man/devel/run0.html)\nis pretty much the same, so use that.\n\nThis is currently just a proof of concept. :)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fytvwld%2Fele","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fytvwld%2Fele","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fytvwld%2Fele/lists"}