why unix | RBL service | netrs | please | ripcalc | linescroll
please

please

TL;DR: I made a sudo alternative, packaging for various distros is in progress.

Current distro support:

Packaging status

Do you want to simplify your user access configuration?

2020 was an unusual year for us all. During that time I had a look at some of the pull requests yet to merge, one of them was a small regex patch for sudo.

It got me thinking, how much sudo do people use, how much of sudo is there but not needed by the vast majority, and what did I want from it.

The vast majority of things in the linux/unix, or system administration space even, are heavily backed by regular expressions. Looking at perl or grep when processing text, you often can't help but express the intentions with regular expressions. They're everywhere. Except in sudo or doas.

What I needed to desperately was to describe the rules for a group of people to use docker without mapping / from the container over the host file system, which would mean their container could trivially change the root user's password hash.

Unfortunately their software would dynamically change many other container properties such as memory and CPU allocation so some flexibility was needed.

run our own fork of sudo

One option was to rebuild sudo from upstream with a patch, which is awaiting merge. The author does not seem overly keen to merge this and has been in deliberation.

Running a patched copy would mean continually rebuilding when a CVE comes along, which doesn't seem that infrequent.

memory safety

Another option was to write something with a memory safe language, covering just the good bits.

Using something memory safe has many advantages. It allows fast development without the stress and strain of, well, C which is what I would normally reach for when doing this.

Many (some reports of 50-70%) of CVEs are a result of unsafe memory.

enter rust

Rust brings many benefits to developing system software. Or just most software really.

  1. memory safety
  2. exhaustive matches
  3. unittests
  4. library dependencies
  5. linting
  6. documentation tests
  7. and much more

Developing with Rust brings helpful features from the compiler, if you're off track, it tells you. Things that would have been a runtime error become a compile error. This is beyond just a little helpful, the vast majority of exhaustive testing is now done at compile time.

just the good bits

To me the good bits were sudoedit and regex. For those who do not know, sudoedit allows a user to modify files that they do not own.

A fault that I found with sudo when other teams needed to audit what was prescribed, was that it is not possible to permit a user list permissions against another user.