sudo is a setuid binary, but it’s a fairly simple program
Some people would disagree to this.
The brief description of run0 already has too many potential points of failure.
If the “listener” is PID1, which will run the privileged command, in theory, it would be quite bullet proof (in a working system PID1 is always there). But since this is systemd, PID1 is much more than that and much more complex.
On the other hand spawning another daemon from PID1 to be the “listener” makes it, perhaps, even more complicated. You’d have to make sure the listener is always running and have some process supervisor there to watch if it exits… and maybe even a watchdog polling it to make sure it isn’t frozen.
So my conclusion is the same as yours:
a solution in search of a problem
We already have a working solution. Have a well written SUID program. I’ve been using doas for some years now. It’s simple enough that I trust it.
Some people would disagree to this.
If the “listener” is PID1, which will run the privileged command, in theory, it would be quite bullet proof (in a working system PID1 is always there). But since this is systemd, PID1 is much more than that and much more complex. On the other hand spawning another daemon from PID1 to be the “listener” makes it, perhaps, even more complicated. You’d have to make sure the listener is always running and have some process supervisor there to watch if it exits… and maybe even a watchdog polling it to make sure it isn’t frozen.
So my conclusion is the same as yours:
We already have a working solution. Have a well written SUID program. I’ve been using doas for some years now. It’s simple enough that I trust it.