Lennart Poettering intends to replace "sudo" with #systemd's run0. Here's a quick PoC to demonstrate root permission hijacking by exploiting the fact "systemd-run" (the basis of uid0/run0, the sudo replacer) creates a user owned pty for communication with the new "root" process.

This isn't the only bug of course, it's not possible on Linux to read the environment of a root owned process but as systemd creates a service in the system slice, you can query D-BUS and learn sensitive information passed to the process env, such as API keys or other secrets.

https://fixupx.com/hackerfantastic/status/1785495587514638559

Nitter mirror: https://xcancel.com/hackerfantastic/status/1785495587514638559

Here are some links about #systemd #alternatives for #Linux in no particular order.
Which are your favorite alternatives and distros?

https://wiki.gentoo.org/wiki/Comparison_of_init_systems

https://suckless.org/sucks/systemd/

https://unixsheikh.com/articles/the-real-motivation-behind-systemd.html

https://sysdfree.wordpress.com/

https://nosystemd.org/

https://skarnet.org/software/systemd.html

https://the-world-after-systemd.ungleich.ch/

https://ewontfix.com/14/

https://forums.debian.net/viewtopic.php?t=120652

https://www.devuan.org/os/announce/

https://www.devuan.org/os/init-freedom

https://thehackernews.com/2019/01/linux-systemd-exploit.html

https://judecnelson.blogspot.com/2014/09/systemd-biggest-fallacies.html

https://chiefio.wordpress.com/2016/05/18/systemd-it-keeps-getting-worse/

https://systemd-free.artixlinux.org/why.php

Some more added here too: https://start.me/p/Kg8keE/priv-sec

#systemd #Linux

Android 15 QPR2 Beta 1 broke the ability for scrcpy to create virtual displays, as the requisite permissions were removed from shell.

However, Google now says it has added back these permissions to shell for Android 16.

While this will re-enable scrcpy's virtual display feature, Google warns that these permissions are only held by shell for testing purposes and may be removed again in the future without notice.

🔫 Android 16's Linux Terminal will soon let you run graphical apps, so of course I ran Doom

ICYMI: Google's been working on a Terminal app that runs Debian in a VM, and they've made steady progress on it.

Click 👇for more details on this progress

🔗 https://androidauthority.com/android-16-linux-terminal-doom-3521804/

(Once again, "The Only Thing They Fear Is You" is stuck in my head.)

Looks like T-Mobile and Starlink are starting to let some Pixel 9 users into the satellite messaging beta.

Just heard from two Pixel 9 Pro XL users that they were invited to the beta.

When the beta first launched two weeks ago, it was reported that only 5 Samsung models were supported (Z Flip 6, Z Fold 6, S24 series). My OnePlus 13 wasn't accepted into the beta, but hopefully that'll change soon.

FWIW: Google has been testing Starlink support on the Pixel 9 for a few months now.

🛜 Quick Settings on Android could revert to expanding tiles the old way

Google is testing a change that brings back the old Quick Settings tile expansion behavior from Android 5.1.

It's far from finished, but here's a video showing the current state👇

🔗 https://www.androidauthority.com/android-quick-settings-expansion-3521878/

📏 Android 16 is getting more personalized with new regional preference options

Android 16 may let you set your preferred measurement system and region independent of the system language.

Here's why that's important👇

🔗 https://www.androidauthority.com/android-16-region-measurement-settings-3521970/

One Googler says that "AVF is mandatory starting from Android 16."

AVF, if you aren't aware, is the Android Virtualization Framework. It provides a set of APIs for system apps to run payloads in an Android or Linux virtual machine. It's also notably what enables the new Linux Terminal app in Android 16.

Almost every OEM has devices supporting AVF, with the lone exception of Samsung (possibly due to conflicts with Knox). I thought this would change with the launch of the Galaxy S25 series, as they launch with vendor software built for Android 15, and AFAIK, VSR-15 still has a clause mandating that devices launching on API level 202404 support AVF. So I'm not sure what happened here, but hopefully the requirement is actually real in Android 16, at least for newly launching devices.

The supported Linux kernel versions for Android 16 have been revealed. They include:

Upgrades:

- android11-5.4
- android12-5.4
- android12-5.10
- android13-5.10
- android13-5.15
- android14-5.15
- android14-6.1
- android15-6.6
- android16-6.12

New launches for devices with chipsets not under GRF:

- android15-6.6
- android16-6.12

New launches for devices with chipsets under GRF:

- android13-5.15
- android14-5.15
- android14-6.1
- android15-6.6
- android16-6.12

---

Yes, this means that there could be new Android 16 devices shipping with a kernel/vendor software built for Android 13.

✨Google Photos will now add an invisible watermark to images edited with Reimagine

Photos will start using SynthID, a technology that embeds imperceptible digital watermarks into images, to mark images edited with Reimagine.

🔗 https://www.androidfaithful.com/google-photos-reimagine-watermark/

⌨️ Android 16 could finally let you remap keyboard shortcuts

Google's working to let you reassign the key combinations that perform Android system actions.

More details 👇

🔗 https://www.androidauthority.com/android-16-customizable-keyboard-shortcuts-3524017/

Android 16 may give you a heads up when your phone's time zone changes

Google is working on a "time zone alerts" feature that notifies you when your phone's time zone has been automatically updated.

🔗 https://www.androidauthority.com/android-16-time-zone-alerts-3524074/

A look at how technology companies handle naming and territory disputes.

https://www.makeuseof.com/google-maps-gulf-of-mexico-name-change/