this post was submitted on 14 Jun 2024
78 points (93.3% liked)

Linux

8121 readers
6 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] potkulautapaprika@sopuli.xyz 2 points 5 months ago (1 children)

Better put than I would've said. I don't much care for lennart, but he's right about some things here. Sudo is unnecessarily huge so it being setuid binary is obviously not great.

Run0 isn't probably the solution, but something might emerge one day that handles privilege escalation in a more today's sane way than sudo.

Doas is kind of an option, but if you are gonna rework this, makes sense to re-think it more than 'leaner sudo'. Let's see what pops up some years later, after all, we all (probably) thought pulseaudio was gonna stay forever too.

[โ€“] jlh@lemmy.jlh.name 1 points 5 months ago

I've been using sudo-rs as a drop-in replacement for sudo, it works well. The codebase is like 1/5 of the size, it drops some of the crazier features of sudo, extremely minimal dependencies, and it's all written in memory-safe rust. NixOS also has an option for setting the sudo binary to be executable by wheel only, so the attack surface is very small.

https://www.memorysafety.org/initiative/sudo-su/ https://github.com/memorysafety/sudo-rs https://search.nixos.org/options?channel=24.05&size=50&sort=relevance&type=packages&query=sudo-rs