Lennart Poettering on Nostr
This has led various people to revisit the problem and come up with alternatives: most prominently there's probably OpenBSD's sudo replacement called "doas". While it greatly simplifies the tool and removes much of the attack surface, it doesn't change one key thing: it's still a SUID binary.
I personally think that the biggest problem with sudo is the fact it's a SUID binary though – the big attack surface, the plugins, network access and so on that come after it just make the key problem…
Published at 2024-04-29 07:34:42