One thing to note is that sudo-rs is not aiming to be a 1:1 reimplementation.
Foreshadowing some tension…
Relevant XKCD
Thats a good one
Rare Canonical W. The only thing I miss from the original sudo is
sudoedit, but I’m pretty sure that’s on the Rust implementation’s TODO list.They’ve got a few months to get it done, and it shouldn’t be that hard, no? Just exec EDITOR as a child process, no?
It also does input validation to ensure one doesn’t break the sudo file.
Sure. I guess it would depend on how complex that is, but surely the sudo command already does validations, so it would just need to have the editor write to a temporary file (which is a copy of the official one) and write once it’s validated, right?
It sounds doable in a few months.
I don’t think it’s that simple. The challenge is that you need to still behave as if it’s invoked as the user so that the editor uses their configurations instead of simply
execing it asroot.I could be wrong though
¯\_(ツ)_/¯Sudo uses the setuid bit or whatever, so it still has access to the user’s environment variables and whatnot. So figuring out which editor to run shouldn’t be an issue.
That’s not what I mean. Yeah, getting the environment variables are simple enough, but if you simply
execsomething as therootuser, whatever youexecwill naturally be looking for configs in/root/.configand not your~/.configdir, so any configurations to things like your text editor won’t be read.Ah, makes sense. It’s easy enough to duplicate the outer ENV for the sub-process, but I don’t know what that means for security and whatnot.
Yep. They make some strange decisions sometimes but this isn’t one of them.
I looked at it, its on the todo list. I also use
sudoedit(orsudo -e). I can’t find the todo list, but here is the issue for: https://github.com/trifectatechfoundation/sudo-rs/issues/762
I’ve switched my Nix setup to this sudo implementation a while ago, and have noticed no downsides thus far. I’ll take the memory safety, with a fresh codebase
Surely this won’t upset people.
