How many hundreds of thousands of lines of code do you think sudo is?
How many hundreds of thousands of lines of churn do you think happen per year in sudo?
If your answer is: What do you mean hundreds of thousands? That is the right question, but the wrong answer. The answers being around ~500,000 and on average ~200,000, including this year, respectively.
In contrast, OpenBSD doas, which exists to serve the same primary purpose of executing commands as a super user, clocks in somewhere around a few hundred to maybe 1 or 2 thousand lines total just eyeballing it.
> If your answer is: What do you mean hundreds of thousands? That is the right question, but the wrong answer. The answers being around ~500,000 and on average ~200,000, including this year, respectively.
> In contrast, OpenBSD doas, which exists to serve the same primary purpose of executing commands as a super user, clocks in somewhere around a few hundred to maybe 1 or 2 thousand lines total just eyeballing it.
It seems to me, with those numbers, that the big problem with sudo is not the language it is written in but the extremely large attack surface.
I would guess that for 1 out of every million invocations of sudo, all that extra functionality is needed. For the rest of the time, it's merely being used to execute a single command as root.
We could make systems more secure by simply removing sudo from those systems that don't use that extra functionality, and replacing it with doas.
Most software that handles actual human lives on the line is not written in plain C. Writing 'security critical' software in C is a trade-off - many people are willing to accept extra defects in return for the benefits of the C ABI and performance.
sudo is 43 years old though
> It is written in the extreme YOLO style by people with very poor taste.
Sounds a bit exaggerated to me. Do you happen to have data on this?