[hkwerf]

In general, you have a very valid point, but how many lines of code do we need to build the normal sudo if you are generously adding stuff we don't compile into the binary? Compiler, tools, some machine with some userspace and kernel for those to run on and so on?

[bayindirh]

Doesn't matter. Both implementations run on the same platform and poisoning the compiler for both versions are equally probable.

If you can pull a lower level attack with general purpose toolchain, targeted for either implementation, it's a more impressive feat, for sure.

However, Rust implementation adds a significant SLOC on top of that complexity.

[sophacles]

Arguing that complexity comes from SLOC feels like paying per LOC... it sort of misses the point.

The languages are different - a lot of C behavior feels "inferred" or "implicit". A lot of Rust behavior is explicit, that is you have to write down exactly what's happening. So things like casting a void* to a $whatever require a couple of lines of rust, not just a single line (or fragment) of `($whatever *) p`.

My personal experience is that the explicit nature of Rust is pretty nice when visiting new code, or revisting code I wrote a while back - everything is written down for me, whereas I have to puzzle out a lot of behavior from the C. It's a bit annoying at first, "cmon compliler, why do I have to tell you this?" is still a common refrain in my head, however its worth it in the long run - revisits to the code are much faster to grok/reload, and once I got used to it, writing it down as it was all loaded in my head the first time wasn't so much of a pain anymore.