Browse Source

Update LOCs in sudo post

restructure
Garrit Franke 3 years ago
parent
commit
7412d8534d
  1. 6
      content/posts/2021-01-29-sudo-to-doas.md

6
content/posts/2021-01-29-sudo-to-doas.md

@ -3,11 +3,9 @@ title: From sudo to doas
date: "2021-01-29"
---
You might have heard that there is currently [a pretty significant vulnerability](https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt) affecting `sudo`, the program we all know and love.
You might have heard that there is currently [a pretty significant vulnerability](https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt) affecting `sudo`, the program we all know and love. It is the de facto standard for when you want to run a command as a priviledged user, but that's really it. Under the hood, sudo is a very powerful tool with a lot of features. It can be used to build out complex permission-systems that span across entire clusters of servers. But all of these features come at a price: **complexity**. Last time I checked, the [source code](https://www.sudo.ws/repos/sudo) of sudo had about 330k lines of code (using cloc as a benchmark). This massive complexity plays a large role in its security.
Sudo is very neat. It is the de facto standard for when you want to run a command as a priviledged user, but that's really it. Under the hood, sudo is a very powerful tool with a lot of features. It can be used to build out complex permission-systems that span across entire clusters of servers. But all of these features come at a price: **complexity**. Last time I checked, the [source code](https://www.sudo.ws/repos/sudo) of sudo had about 420k (Meme not intended) lines of code. This massive complexity plays a large role in its security.
Luckily, there is a **far** more lightweight alternative to sudo called [doas](https://github.com/slicer69/doas). It essentially does all the things you'd expect from sudo for your average end user. Doas is written in under 4k lines of code, which, if you think of it, should be more than enough to provide a tool that executes a command as a priviledged user.
Luckily, there is a **far** more lightweight alternative to sudo called [doas](https://github.com/Duncaen/OpenDoas.git). It essentially does all the things you'd expect from sudo for your average end user. Doas is written in just over 3k lines of code, which, if you think of it, should be more than enough to provide a tool that executes a command as a priviledged user.
## Setup

Loading…
Cancel
Save