[msm_]

Who are you shouting at?

Going back to the topic of the discussion, making sudo more resilient prevents a whole class of possible bugs (see CVE-2021-3156). You may not like sudo, but it is very commonly used to manage access, prevent accidental errors, or improve accountability on Linux servers and workstations. It is not going away. Therefore, improving sudo is a worthwhile goal and a thing to be celebrated.

[charcircuit]

I'm not shouting.

>sudo more resilient prevents a whole class of possible bugs

Good, but this doesn't fix the easiest way to escalate privileges as an attacker through sudo. Memory safety doesn't help people who run "curl | sudo bash" to install a random program from the internet.

>It is not going away.

But if work is done it could become very niche and eventually stop getting new usage over time.

[theamk]

> help people who run "curl | sudo bash" to install a random program from the internet.

I don't think you can help those people, unless you seriously lock down the machine to the level of iPhone. Neither Android nor Windows have "sudo" for example, and yet they can get malware just fine... all the difference is instead of the password, user clicks on confirm button a few times.

I advice to (1) think about how you use sudo (2) think what would you replace it with and (3) think how the replacement can be abused by malware.

Here is one example:

(1) Today I used "sudo" to run docker: "sudo -Eg docker docker run..."

(2) the sudo-less replacement would be to add myself to docker group, or switch to rootless docker

(3) If I add myself to docker group, malware can trivially escalate by starting a privileged container. If I switch to the rootless docker, I am weakening security boundary between my primary user and the docker containers I run.

[encrypted_bird]

> I'm not shouting.

In text format, all-caps or the use of an exclamation mark are often used to indicate shouting.

So, it is not unreasonable for people to read your sentence as such.