Rare Canonical W. The only thing I miss from the original sudo is
sudoedit, but I’m pretty sure that’s on the Rust implementation’s TODO list.Yep. They make some strange decisions sometimes but this isn’t one of them.
I looked at it, its on the todo list. I also use
sudoedit(orsudo -e). I can’t find the todo list, but here is the issue for: https://github.com/trifectatechfoundation/sudo-rs/issues/762They’ve got a few months to get it done, and it shouldn’t be that hard, no? Just exec EDITOR as a child process, no?
It also does input validation to ensure one doesn’t break the sudo file.
Sure. I guess it would depend on how complex that is, but surely the sudo command already does validations, so it would just need to have the editor write to a temporary file (which is a copy of the official one) and write once it’s validated, right?
It sounds doable in a few months.
I don’t think it’s that simple. The challenge is that you need to still behave as if it’s invoked as the user so that the editor uses their configurations instead of simply
execing it asroot.I could be wrong though
¯\_(ツ)_/¯Sudo uses the setuid bit or whatever, so it still has access to the user’s environment variables and whatnot. So figuring out which editor to run shouldn’t be an issue.
That’s not what I mean. Yeah, getting the environment variables are simple enough, but if you simply
execsomething as therootuser, whatever youexecwill naturally be looking for configs in/root/.configand not your~/.configdir, so any configurations to things like your text editor won’t be read.Ah, makes sense. It’s easy enough to duplicate the outer ENV for the sub-process, but I don’t know what that means for security and whatnot.
One thing to note is that sudo-rs is not aiming to be a 1:1 reimplementation.
Foreshadowing some tension…
Relevant XKCD
Thats a good one
Time for people to be mad that sudo-rs isn’t GPL even though the original sudo wasn’t GPL either.
What issue do people have with the sudo-rs license? Its Free and Open Source. I think its more like people having an issue with the language Rust and just search excuses to be mad at.
The concern is that if lots of softwares get rewritten and some of those softwares switch from a copyleft license to a permissive license, then things might stop being open-source sooner or later, because companies are not anymore forced to open-source.
Yes, in the case of sudo-rs, this concern is silly. But for example, the uutils coreutils are under MIT license, when the GNU coreutils were under GPL-3.0.
What could be the possible incentive to:
-
move core utils to a closed license if you are a company
-
for a Linux distro to choose that version over the already existing Open Source version
Remember companies cannot take Open Source code bases closed. They can fork an Open Source project and close their fork. But all that means is that their “future” changes are not Open Source
The original Open Source code still exists and we can all keep using it.
For a real world example of companies not closing their userland, Apple still releases the source to their userland even though the BSD license does not require it.
For a real world example of the community continuing on with the Open Source code and ignoring the closed fork, look at Valkey and Reddis.
GNU is completely dominated by Red Hat. The alternatives, like uutils, are far LESS corporate.
Fear and feelings over facts.
Listing examples where it works without enforcement is not an argument against enforcing it where it does not work without. There’s also no reason why uutils couldn’t be less corporate while also having a corporate-unfriendly license. And good luck leading this discussion with anyone, if you’re going to ad hominem right away.
-
I don’t see a problem. If someone forks it and changes the license to some proprietary, then their fork is proprietary. The original software is still Open Source. People act like as if the original license changed.
The issue is big companies.
Google/Amazon/Microsoft can now fork sudo-rs and not have to upstream their changes.
So then Google fixes an exploit for their sudo-rs implementation (or whatever software) and patch it under a different licence. Now the upstream, Amazon and Microsoft forks don’t know if that exploit is also in their implementation, is related to their implementation, or how to potentially fix it.The only way it works is if sudo-rs is implementing new features in a way that it benefits Google/Amazon/Microsoft to contribute back to upstream so they don’t have to keep merging/fixing their exploit code.
For something as stable as sudo, it actually benefits Google/Microsoft/Amazon NOT to share their changes.
If they are rolling and recommending their own distros (which I’m sure they already are) that include their forked changes, then they can say that their software is more secure than other brands. It benefits them for their competition to suffer security breaches, especially if they trace back to these kinda changes.Which makes everything worse for everyone.
And it the fork gets adapted the user base doesn’t use an open source project anymore. Changes which aren’t synced get shipped and you can’t substitute anymore.
Permissive licenses are bad: Someone can take your entire code, build upon it, get hand of the userbase and then make weird changes. They don’t protect the users in any form.
Just imagine someone changed the tools you use daily in such a way that none of your workflows are executed in the same way prior.
You just learn this once you are truly affected. And trust me - This sucks hard.
So, you had to choose between the code that was still Open Source and the code that was now proprietary.
If you stick with the Open Source, what you describe does not happen.
If you moved to the proprietary, well, there you are. You clearly decided that the new features were more important than it being Open Source.
Remember, it is only the new features. All the old code remains as open as it ever was.
So, you had to choose between the code that was still Open Source and the code that was now proprietary.
You are skipping ahead. The code the userbase follows may become the proprietary one.
If you stick with the Open Source, what you describe does not happen.
And this isn’t guaranteed with a permissive license.
If you moved to the proprietary, well, there you are. You clearly decided that the new features were more important than it being Open Source.
If this change happens without the knowledge on the userbase now the Open Source solution needs to advocade for it. And its competition supports all of its features and more. And will clearly upstream any features it adds as well.
Don’t get me wrong - I don’t mean to abandon all projects done by corporations. But a better license gives safety to all users.
Remember, it is only the new features. All the old code remains as open as it ever was.
You are not considering vendor lock-in, upstreaming open source changes, less transparency in regards of security, attributions, changes to contributer license agreements, conflicts of interest and probably more things.
Right, but the other fork became its own project. I have no problem with it. As long as the original code license is not changed.
The original code remains available under the original.
Any proprietary code would have to be code that was added on top of that.
You always have the ability to keep using the Own Source code. That is a freedom you have.
If you decide that proprietary version is “better” and choose to use that, well that is a freedom you have. But now you have accepted a proprietary license. Your choice.
Any proprietary code would have to be code that was added on top of that.
That generalization is wrong. If the license does not state that freedom one can revoke said thing. The author(s) can change the entire license.
If not stated you may be able to fork off a previous version. Depending on the CLA (or its absence) you may have to speak with any contributor prior to publishing your fork!!!
Good luck picking another license than GPL for this requirement.
It isn’t? What is it’s license then
Wikipedia says ISC
I’ve switched my Nix setup to this sudo implementation a while ago, and have noticed no downsides thus far. I’ll take the memory safety, with a fresh codebase
Surely this won’t upset people.
