Prossimo is pleased to announce the first stable release of sudo-rs, our Rust rewrite of the critical sudo utility.
The sudo utility is one of the most common ways for engineers to cross the privacy boundary between user and administrative accounts in the ubiquitous Linux operating system. As such, its security is of the utmost importance.
The sudo-rs project improves on the security of the original sudo by:
Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues
Cool, but I’ll stick with opendoas
If that works for you and you are happy with it, fine. But sudo-rs seems to have a bit of a different usecase since it is intended as a drop in replacement for sudo, hence it must be able to handle the sudoers file aso. It still removes some of the never-used obscure functionality that sudo had, so it is probably a lot smaller code base than original sudo.
Other than being yet another “standard tool X clone written in Rust” project, does it actually provide any tangible value?
Does it have to?
What advantages does that have over this?
Opendoas has a significantly smaller codebase. It only has 4397 lines of code compared to Sudo-rs’s staggering 35990 lines.
It has a very simple config file which can do everything I want in less than 6 words.
It is a soft fork of BSD’s doas package and receives frequent audits(something I find reassuring since it is a method to gain root access on my system.
I don’t want or need 99% of the features sudo provides so I appreciate the simplicity and lightness of opendoas
Hmm.
% tokei src | rg ' (Language|Total)' Language Files Lines Code Comments Blanks Total 76 16243 13468 682 2093
% tokei src test-framework | rg ' (Language|Total)' Language Files Lines Code Comments Blanks Total 196 34274 27742 1072 5460
% git grep '#\[cfg(test)\]' src |wc 40 44 1387
I too love making unaware “Tests Considered Harmful” arguments based on some blind analysis.
Funnily enough, one could easily do some actually potentially useful shallow analysis, instead of a completely blind one, simply by noticing the
libc
crate dependency, then running:git grep -Enp -e libc:: --and --not -e '(libc::(c_|LOG)|\b(type|use)\b)'
Ignoring the usage in test modules, use of raw
libc
appears to be more than you would think from the title. One can also argue that some of that usage would be better served by usingrustix
instead of rawlibc
.Of course authors can counter with arguments why using
rustix
* is not feasible or would complicate things, and would argue that the use of unsafe+libc is required for this kind of project, and it’s still reasonably limited and contained.And a little bit more informed back-and-forth discussion can go from there.
* Searching for rustix in the sudo-rs repo returned this. So this predictably has been brought up before.
I’m sorry but I don’t understand whatever argument you’re making. I did the line count on my phone via termux because I was in a rush, so i’m aware the counts may be inaccurate. I should have made that clear in my earlier reply.
I do, however, hold to the fact that any sudo implementation will be more complicated than doas. Sudo, as a project, has more options and usecases than doas so it also has more posibilities for bugs or misconfiguration for the user.
I’m unable to tell what codebase your are refering to with you’re grep arguments, sorry.
Fair.
sudo-rs