[Dylan16807]

> How is that any different than a daemon that has a parser error in its message handler

The non-daemon has to parse just as much in addition to making itself secure. Actually it needs to parse more things in more complex ways.

[hedora]

Assuming static linkage (which sudo has to assume), there’s really not much to parse. It should just be dealing with a null-delimited list (argv) and the caller’s environment variables (which it just needs to ignore and clear by default).

Here’s a simple implementation: https://github.com/TheMilkies/rut/blob/main/rut.c

(Though it doesn’t clear the environment unless I’m missing something - they should probably replace the call to execvp with one to execvpe, and add a null pointer to the end of the argument list).

The problem of setting up root’s environment and parsing the command line is left to the shell in both solutions (the thing I linked doesn’t indirect through a root login shell).

There’s also the config file, but that’s the same for both.

Similarly, the system could be running some SEL derivative or be using a capability system that causes non-standard behavior from system calls, but the daemon has the same problem.