by ch_123 414 days ago
> Some problems come from the huge amount of features (ldap, easter eggs, ...). sudo-rs reduces the problems by not implementing those features.

This makes me wonder:

1) Would a hypothetical "sudo-lite" with these features removed lead to better security without a rewrite?

2) If these features are useful in the real world, will a Rust rewrite of sudo inevitably gain these features over time and end up with similar problems?

3 comments

> 1) Would a hypothetical "sudo-lite" with these features removed lead to better security without a rewrite?

OpenBSD did this with their doas utility:

* https://en.wikipedia.org/wiki/Doas

"without a rewrite" means cutting down the existing code. A completely different program goes into the same category as "rewrite".

doas is 500 lines of C. Two orders of magnitude less than sudo yet still covers the core functionality. Sure you could grandfather's axe your way into the final product, but difficult to see how a hypothetical code base 1% of the original counted as anything but a rewrite.

Your phrasing sounds like you disagree with me, but you're saying the same thing, right? That doas is not an example of "without a rewrite".

2. While a feature may be useful, the question is how useful, and to how many people. sudo-rs is removing features that aren't used very much, if at all, and doesn't plan to add them, to combat this. Those users can still use the original sudo.
It can't end up with similar problems, due to the memory safety guarantee.

That's not to say that it won't create other ones.

There are many types of security problems beyond memory safety issues.