Question

In a UNIX-like system, we have a user mode and a kernel mode. There are some instructions which cannot be accessed in the user mode. However, when we do sudo, we can access many critical sections of our OS and perform critical actions.

My question is: When a program is executed in the sudo mode, does the whole program run in kernel mode? Or is it the case that the sudo mode is simply an administrative user whose powers are a mere subset of the operations which can be performed by the kernel?

Solution

Yes, a huge difference between sudo and kernel mode.

Kernel mode is related to CPU modes. Most processors (in particular all running a common Linux kernel, not a µClinux one), e.g. your Intel processor inside your laptop, have several modes of operation, at least two: the privileged (or supervisor) mode where all machine instructions are possible (including the most unsafe ones, like those configuring the MMU, disabling interrupts, halting the machine, doing physical I/O i.e. sending bytes on network, or to a printer or a disk) and the user mode where some machine instructions are prohibited (in particular physical I/O instructions, MMU configuration, interrupt disabling, etc.).

On Linux, only kernel code (including kernel modules) is running in kernel mode. Everything else is in user mode.

Applications (even commands running as root) are executing in user mode, and interacting with the Linux kernel through system calls (and this is the only way for an application to interact with the kernel) listed in syscalls(2). So application code sees a "virtual machine" capable of doing syscalls and executing user-mode instructions. The kernel manages the authentication and credentials (see credentials(7) & capabilities(7) ...).

sudo is simply giving a command (using setuid techniques) the permissions for root (i.e. user id 0). Then, some more syscalls are possible... But the command (i.e. the process running that command) is still running in user mode and uses virtual memory and has its address space.

Other tips

There is no such thing as sudo mode. There is only user space and kernel space.

As you said, kernel mode may execute any instruction offered by the CPU and do anything to the hardware. User mode programs may only access memory that is mapped to the running process, and they are blocked from any direct hardware access. Via the system call mechanism, a user mode program may call the kernel code, which will perform the hardware access on its behalf and return the result back into user space.

In user space, there are additional restrictions on users who are not root (root being user ID number 0). For example, they can only access certain files, and they can only listen on TCP ports numbered above 1024. Running sudo will start a process as the root user, who does not have these restrictions in force.

But processes which are run as the root user (via sudo) are still running in user space, and are still subject to all the same restrictions that implies.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow