[throw0101a]

> 1) Would a hypothetical "sudo-lite" with these features removed lead to better security without a rewrite?

OpenBSD did this with their doas utility:

* https://en.wikipedia.org/wiki/Doas

[Dylan16807]

"without a rewrite" means cutting down the existing code. A completely different program goes into the same category as "rewrite".

[0cf8612b2e1e]

doas is 500 lines of C. Two orders is magnitude less than sudo yet still covers the core functionality. Sure you could grandfather”s axe your way into the final product, but difficult to see how a a hypothetical code base 1% of the original counted as anything but a rewrite.

[Dylan16807]

Your phrasing sounds like you disagree with me, but you're saying the same thing, right? That doas is not an example of "without a rewrite".