• kixik@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 day ago

    A way smaller alternative therefore less prompt to vulnerabilities is OpenDoas found on Arch/Artix/… and other distros. From the GH project:

    doas is a minimal replacement for the venerable sudo. It was initially written by Ted Unangst of the OpenBSD project to provide 95% of the features of sudo with a fraction of the codebase.

    • MTK@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      9 hours ago

      Tried it but it is not a 100% compatible as sudo replacment as it lacks some of the args. This means that some programs fail as they attempt to use incorrect args.

  • MonkderVierte@lemmy.ml
    link
    fedilink
    arrow-up
    7
    arrow-down
    6
    ·
    edit-2
    1 day ago

    Wrong move. To make sudo more secure, you should instead ditch 90% of the features intended for server which nobody on desktop uses. 150 lines of C code is enough to provide sudo-like functionality on desktop, probably similiar in Rust.

    • zygo_histo_morpheus@programming.dev
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      5 hours ago

      They are open to drop some features apparently, but maybe not “90%”

      The developers are taking a “less is more” approach. This means that some features of the original sudo may not be reimplemented if they serve only niche, or more recently considered “outdated” practices.

    • beleza pura@lemmy.eco.br
      link
      fedilink
      arrow-up
      6
      ·
      9 hours ago

      except ubuntu isn’t a desktop-only distro

      you might also not be considering corporate workstation in an intranet

    • ferric_carcinization@lemmy.ml
      link
      fedilink
      English
      arrow-up
      17
      ·
      2 days ago

      Does it have to be Linux? Some greybeards are pretty opposed to it. I wonder if it would be easier to make our own theme park kernel with blackjack and hookers memory and thread safety, like Redox.

      • patatahooligan@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        4 hours ago

        Does it have to be Linux?

        In order to be a viable general use OS, probably yes. It would be an enormous amount of effort to reach a decent range of hardware compatibility without reusing the work that has already been done. Maybe someone will try something more ambitious, like writing a rust kernel with C interoperability and a linux-like API so we can at least port linux drivers to it as a “temporary” solution.

  • atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 days ago

    we’re also sponsoring the uutils project to ensure that some key gaps are closed before we ship 25.10. The sponsorship will primarily cover the development of SELinux support for common commands such as mv, ls, cp, etc.

    I didn’t think Ubuntu used SELinux.

    • Ephera@lemmy.ml
      link
      fedilink
      English
      arrow-up
      11
      ·
      2 days ago

      Seems like it’s Apache-2.0, but original sudo is under ISC license, which is more permissive as far as I’m aware. Although Apache-2.0 is very much still considered “permissive”, too.

    • FooBarrington@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      edit-2
      1 day ago

      sudo-rs doesn’t have anything to do with run0. Please take your pills grandpa, we’re worried about you.

      Edit: in case you’re actually an older person, the latter part wasn’t meant as a swipe (just saw your pfp). In that case, sorry!

        • FooBarrington@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          10 hours ago

          What? No I’m not. Using a memory-safe implementation of sudo doesn’t take any power away from the user, how does that make sense?

          • nanook@friendica.eskimo.com
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            9 hours ago

            @FooBarrington You didn’t just specify memory safe, you advocated stripping away a number of features. Yes memory safe anything is a good idea and I’ve got no objection to the use of rust, I think it’s a good language, one of the few worthwhile efforts to emerge in recent years, but if it is going go be re-implemented, do so fully. Yes, anything that runs with privileges should be memory safe else it’s open to attack and Rust certainly makes that more possible, I am just concerned about the limiting feature set aspect. I’m not in favor of protecting users from themselves, I don’t want a car that is capable of reading speed limit signs and prevents me from exceeding them even if doing so might be unsafe or illegal, that not the car manufacturers job to be come an arm of the government, likewise I don’t want Linux protecting me from myself, I already address potentials with regular backups, etc.

        • FauxLiving@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          12 hours ago

          Go install WIndows 11 if this is what you want punk.

          Don’t install Ubuntu 25.10 if this isn’t what you want. Using Ubuntu means accepting that they’re going to make a lot of decisions about your system. The whole point of these large pre-configured Linux distros is that they make all of the decisions for you.

          If you want more control than that try installing one of the other distros that allow you to choose the software you want.

          • nanook@friendica.eskimo.com
            link
            fedilink
            arrow-up
            1
            arrow-down
            4
            ·
            12 hours ago

            @FauxLiving I’ve been using Ubuntu for about 14 years and in the past they’ve been at least somewhat interested in user input. I hope “don’t become another fucking Microsoft” is a message that Canonical gets.