[lelanthran]

> If your answer is: What do you mean hundreds of thousands? That is the right question, but the wrong answer. The answers being around ~500,000 and on average ~200,000, including this year, respectively.

> In contrast, OpenBSD doas, which exists to serve the same primary purpose of executing commands as a super user, clocks in somewhere around a few hundred to maybe 1 or 2 thousand lines total just eyeballing it.

It seems to me, with those numbers, that the big problem with sudo is not the language it is written in but the extremely large attack surface.

I would guess that for 1 out of every million invocations of sudo, all that extra functionality is needed. For the rest of the time, its merely being used to execute a single command as root.

We could make systems more secure by simply removing sudo from those systems that don't use that extra functionality, and replace it with doas.