Email or username:

Password:

Forgot your password?
Laurent's posts Post Back to profile
Laurent Bercot

I said it before and I'll say it again, probably not for the last time: people who really care about security would take a long, hard look at the *design* of sudo, where its weaknesses are, why it is so hard to make secure. (Hint: it's the genericity and the sudoers file syntax.)

They would write other, better tools to implement privilege escalation, and they'd have a better time ensuring it's secure. They could even write them in a memory-safe language, if they consider that it's important.

But taking *sudo* as is, not questioning its interface, and simply rewriting it in Rust, only screams "we don't care about having a holistic approach to security, we just hate C".

31 Aug 2023 at 3:53 | Open on social.treehouse.systems
8 comments
Maria

@ska fearlessly concurrent and blazing fast privilege escalation

31 Aug 2023 at 3:57 | Open on social.treehouse.systems
Ariadne Conill 🐰

@ska well, in fairness, the sudo codebase itself is a rathole, so any rewrite in any language is probably a marginal improvement on its own

31 Aug 2023 at 4:09 | Open on social.treehouse.systems
LisPi

@ska I haven't looked at the architecture, but the configuration format itself is filled with so much traps that I can see no reason to keep it save backward compatibility (is that actually worth it though?).

31 Aug 2023 at 4:10 | Open on mastodon.top
chinmay | चिन्मय | چنمئے

@ska the point was to provide a drop in alternative, this is why they also shot down other approaches like daemon instead of setuid

31 Aug 2023 at 4:46 | Open on hachyderm.io
Pyrex, nightsworn alchemist

@ska

I suspect you're aware of this article, but if not, I suspect you may enjoy it.

sqlite.org/whyc.html

(and its companion: sqlite.org/testing.html )

31 Aug 2023 at 4:47 | Open on dragon.style
Avery
Cinnamon

@ska@social.treehouse.systems most rewrites in rust actually change the interface in such cases though?

31 Aug 2023 at 5:18 | Open on lea.pet
Matt Palmer

@ska @tychotithonus the downside of building a new tool with new semantics and configuration format is that in 20 years' time, it might have gotten sufficient adoption to start being considered as a replacement. Network effects aren't just for fax machines and social networks, after all.

The announcement blog post claimed 1/3 of sudo security bugs have been memory safety, so as long as the rewrite didn't introduce at least that many new bugs elsewhere, it's presumably a net-win.

31 Aug 2023 at 6:54 | Open on infosec.exchange
Go Up