From 7412d8534d5a363f9c34300f922984ab0314012c Mon Sep 17 00:00:00 2001 From: Garrit Franke Date: Fri, 29 Jan 2021 20:45:03 +0100 Subject: [PATCH] Update LOCs in sudo post --- content/posts/2021-01-29-sudo-to-doas.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/content/posts/2021-01-29-sudo-to-doas.md b/content/posts/2021-01-29-sudo-to-doas.md index 7043396..904f876 100644 --- a/content/posts/2021-01-29-sudo-to-doas.md +++ b/content/posts/2021-01-29-sudo-to-doas.md @@ -3,11 +3,9 @@ title: From sudo to doas date: "2021-01-29" --- -You might have heard that there is currently [a pretty significant vulnerability](https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt) affecting `sudo`, the program we all know and love. +You might have heard that there is currently [a pretty significant vulnerability](https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt) affecting `sudo`, the program we all know and love. It is the de facto standard for when you want to run a command as a priviledged user, but that's really it. Under the hood, sudo is a very powerful tool with a lot of features. It can be used to build out complex permission-systems that span across entire clusters of servers. But all of these features come at a price: **complexity**. Last time I checked, the [source code](https://www.sudo.ws/repos/sudo) of sudo had about 330k lines of code (using cloc as a benchmark). This massive complexity plays a large role in its security. -Sudo is very neat. It is the de facto standard for when you want to run a command as a priviledged user, but that's really it. Under the hood, sudo is a very powerful tool with a lot of features. It can be used to build out complex permission-systems that span across entire clusters of servers. But all of these features come at a price: **complexity**. Last time I checked, the [source code](https://www.sudo.ws/repos/sudo) of sudo had about 420k (Meme not intended) lines of code. This massive complexity plays a large role in its security. - -Luckily, there is a **far** more lightweight alternative to sudo called [doas](https://github.com/slicer69/doas). It essentially does all the things you'd expect from sudo for your average end user. Doas is written in under 4k lines of code, which, if you think of it, should be more than enough to provide a tool that executes a command as a priviledged user. +Luckily, there is a **far** more lightweight alternative to sudo called [doas](https://github.com/Duncaen/OpenDoas.git). It essentially does all the things you'd expect from sudo for your average end user. Doas is written in just over 3k lines of code, which, if you think of it, should be more than enough to provide a tool that executes a command as a priviledged user. ## Setup