• ck_@discuss.tchncs.de
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    It might be a drop in replacement to sudo, but I would not use it as such for a while. If you look at the bugs that sudo had over the years, only a fraction of them have been caused by unsafe memory operations. The majority has been caused be its own complexity and the complexity of the sudoers file. These problem classes are not going away by porting the tool over to Rust or any other language. Since this is a rewrite, it will have its own security bugs that need to be found and fixed first. So until sudo-rs has had a couple of years of people fixing security issues, I’d rather not adopt it.

    Given that, I have a hard time imagining why someone would pour time and resources into a rewrite of sudo for years to come instead of working towards a simpler solution.

    • snaggen@programming.dev
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      If that works for you and you are happy with it, fine. But sudo-rs seems to have a bit of a different usecase since it is intended as a drop in replacement for sudo, hence it must be able to handle the sudoers file aso. It still removes some of the never-used obscure functionality that sudo had, so it is probably a lot smaller code base than original sudo.

      • lysdexic@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        1 year ago

        But sudo-rs seems to have a bit of a different usecase since it is intended as a drop in replacement for sudo, hence it must be able to handle the sudoers file aso.

        Other than being yet another “standard tool X clone written in Rust” project, does it actually provide any tangible value?

          • lysdexic@programming.dev
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Does it have to?

            If you’re a developer looking for a pastime working on a personal project, no. You’re free to waste your time and effort doing anything that pleases you.

            Everyone else in the world only bothers with something if it provides any value at all. If a project such as this one fails to provide any value them no one will have any reason to waste their time with it, no matter how many times you rewrite it in Rust.

            • λλλ@programming.dev
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              I’m with you. Potential memory safety is the benefit that people should care about. But, the original sudo has been around for so long that I imagine the memory safety is already pretty well hashed out. I believe that there are speed benefits to some of the random applications re-written in rust. But, I don’t see how something like sudo would have any benefit.

      • it_a_me@literature.cafe
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago
        1. Opendoas has a significantly smaller codebase. It only has 4397 lines of code compared to Sudo-rs’s staggering 35990 lines.

        2. It has a very simple config file which can do everything I want in less than 6 words.

        3. It is a soft fork of BSD’s doas package and receives frequent audits(something I find reassuring since it is a method to gain root access on my system.

        4. I don’t want or need 99% of the features sudo provides so I appreciate the simplicity and lightness of opendoas