undefined | Better HN

0 pointscedws2y ago0 comments

>Which parts are you thinking of removing?

All of it. Seriously. doas demonstrates that sudo's primary function (running commands as another user) can be achieved in an order of magnitude less code and a significantly smaller attack surface.

90% of people don't need more than that, they don't need all the bells and whistles that sudo offers. We aren't in the 90s running on mainframes anymore.

As an aside, doas and sudo are conceptually broken from a security POV because the user's shell can be played with to elevate privileges. The real fix is dump doas and sudo entirely.

0 comments

eep_social2y ago

> conceptually broken

I agree, but the goal of this particular project is to make sudo as safe as possible. Within the stated goal, I don’t think significant LOC reduction is a feasible side quest.

Evangelizing the removal of sudo entirely is an interesting thought but given how widely deployed it is, I see a ton of value in having a sudo-rs stopgap between now and then.

cedwsOP2y ago

Sorry, yes, I think this work is useful, but I also think that sysadmins and distro maintainers should be starting to think about dropping sudo in favour of something simpler. Those who need sudo can still reach for it.

joelthelion2y ago

> As an aside, doas and sudo are conceptually broken from a security POV because the user's shell can be played with to elevate privileges. The real fix is dump doas and sudo entirely.

Could you elaborate on this?

j / k navigate · click thread line to collapse