by TheBrokenRail 1317 days ago
Seriously, why is sudo so complicated? Most of the time, all sudo has to do is hash a password, check that hash against a file, and if successful, run a program as root.

Why can't we just have a minimal version of sudo that does just that and only that so the majority of smaller servers and home users can run sudo without fear of a security bug every other month? Preferably using the same executable path so that everything else doesn't break.

It just seems like most of sudo's security bugs come from weird obscure features almost no one uses. Like that time sudoedit had a security issue. I didn't even know that command existed until it broke things, and it still seems pointless when you can just run "sudo nano" or "sudo vi".

2 comments

sudoedit runs the editor as the original non-privileged user, which is nice if you're using a configurable text editor like vim/emacs so you're not suddenly using whatever (lack of) configuration the root user has set up. It can also be nice to know that any other stuff a complex editor can do, like running other programs, won't happen in the privileged context.
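
The edit-through-a-copy workflow the comment above describes, as an added example that is not part of the thread and is not sudo's own code: the protected file is read and written back by the privileged process, while the editor only ever runs on a temporary copy. The function name `edit_via_temp_copy`, the `run_as` parameter and the sample file are assumptions made for this sketch.

```python
import os
import subprocess
import tempfile

def edit_via_temp_copy(target, editor_argv, run_as=None):
    """Edit `target` through a temp copy; return True if `target` was rewritten.

    run_as is an optional (uid, gid) pair (hypothetical parameter). When the
    caller is root, the editor child is dropped to that identity.
    """
    with open(target, "rb") as f:              # privileged step: read the file
        original = f.read()
    fd, tmp = tempfile.mkstemp(prefix="edit-copy-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(original)
        drop = {}
        if run_as is not None and os.geteuid() == 0:
            uid, gid = run_as
            os.chown(tmp, uid, gid)            # the editing user must own the copy
            drop = {"user": uid, "group": gid, "extra_groups": []}  # Python 3.9+
        # Unprivileged step: the editor, its plugins and any program it spawns
        # run with the dropped identity and only see the temp copy.
        subprocess.run(list(editor_argv) + [tmp], check=True, **drop)
        # Read the result back without following a symlink swapped in for the copy.
        rfd = os.open(tmp, os.O_RDONLY | os.O_NOFOLLOW)
        with os.fdopen(rfd, "rb") as f:
            edited = f.read()
    finally:
        os.unlink(tmp)
    if edited == original:
        return False                           # nothing changed, target untouched
    with open(target, "wb") as f:              # privileged step: write back
        f.write(edited)
    return True

if __name__ == "__main__":
    # Constructed sample: a scratch file stands in for a root-owned config.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "app.conf")
    with open(sample, "w") as f:
        f.write("port=22\n")
    fake_editor = ["sh", "-c", 'printf "x=1\\n" >> "$1"', "sh"]
    print(edit_via_temp_copy(sample, fake_editor))
```

Run without root, the privilege drop is skipped and only the copy, edit, write-back sequence is exercised.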