by Foxboron 414 days ago
doas is a really bad option on Linux.

The Linux port has not been maintained for 3 years. Has unmerged rowhammer fixes and generally a yolo auth system best described as "dangerous". You are better off using a well maintained project, that includes the CVEs^Wwarts.

It's a mistake to think that `doas` on Linux is the same as `doas` on BSD.


We need a doas-rs port that is maintained, I guess.
Just as with the sudo-rs reimplementation, a doas-rs rewrite is not going to solve the inherent issues we get with SUID binaries. We are better off implementing better models (see ssh and run0).
Again, I did not claim it will solve that issue. I am simply suggesting that doas has an easy-to-use interface and I prefer it over sudo. Somebody pointed out that doas is not maintained on Linux, so I think it would be great to rewrite it in Rust and keep it maintained.