The complexity of "sudo"

Starting with the release of Milky Way v0.3, we have primarily used opendoas as a direct replacement for obtaining administrative rights from an unprivileged user account. With the release of Milky Way v0.4 we have now concluded this step, as opendoas is, from our perspective, clearly the better way compared to staying with sudo.

Introduction and basic problem

The program sudo (sometimes read as short for "super-user do") is designed to let some users execute commands as root (or as another user). The basic philosophy is to give as few privileges as possible while still allowing people to get their administrative tasks on the base system done. The major issue, nevertheless, is the complexity of sudo as a program itself.

Documented reports such as CVE-2021-3156 show the case for an alternative: an escalation to root privileges that went undiscovered for about 10 years because of the underlying code complexity.

There are furthermore issues reported with the default sudo config. The “safe environment” is under constant revision and is regularly unable to run pkg_add or build a flavored port, because the expected variables are excised from the environment. Had sudoers been kept up to date, this would probably not have been such an ordeal, but constant software change creates major security loopholes. So the core of the problem was and is that some people like to use sudo to build elaborate sysadmin infrastructures with highly refined sets of permissions and checks and balances, while other people are invited to use sudo to get a root shell without remembering two passwords. And so there is considerable tension in trying to ship a default config that mostly works for the second group but is not too permissive for the first group.

Solution with a strict and lightweight replacement

Using opendoas as a static replacement for administrative privileges was a first priority for Hyperbola as a system defined as lightweight. It is intended as a minimalist replacement for sudo, providing “95% of the features of sudo with a fraction of the codebase” and thereby improving security. It is a port of the OpenBSD command of the same name. It also has a much simpler configuration format, which simplifies the setup in general.
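
To illustrate the simpler configuration format and the tension between the two groups of users described above, here is an added example of an /etc/doas.conf. It is not taken from Hyperbola's or the opendoas project's own files; the group name wheel, the user name builder and the command path are assumptions chosen for illustration.

```conf
# /etc/doas.conf (constructed example)
# The file must be owned by root and must not be writable by group or others.
# Rules are read top to bottom and the LAST matching rule decides.

# Too permissive as a shipped default: no password is asked and the caller's
# whole environment is handed to the root process. Shown commented out.
#permit nopass keepenv :wheel

# Root-shell use case: members of group wheel may run any command as root
# after authenticating. "persist" remembers the authentication for a short
# time, if the opendoas build includes timestamp support.
permit persist :wheel

# Delegation use case: the hypothetical user "builder" may run exactly this
# command with exactly these arguments as root, without a password.
# Use an absolute path so the rule does not depend on PATH.
permit nopass builder as root cmd /usr/bin/pacman args -Syu

# Later rules override earlier ones, so a deny placed last wins:
# nobody in wheel may change root's password through doas.
deny :wheel cmd /usr/bin/passwd args root
```

Running `doas -C /etc/doas.conf` checks the file for syntax errors, and `doas -C /etc/doas.conf /usr/bin/pacman -Syu` reports whether the invoking user would be permitted to run that command.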