sudo has a bunch of commands and features nobody (except the person who implemented it) has ever used, giving it quite a large surface of attack. doas is meanwhile much leaner and developed by the OpenBSD community, meaning if a feature has security concerns it won’t be implemented no matter how practical. sudo-rs somewhat of a middle ground between the two, not planning on implementing every single feature of sudo while keeping the same core commands and implementing the quality of life features doas doesn’t like because they’re insecure, and is the solution I personally use.
It’s an implementation of sudo in Rust (because of course) that doesn’t implement every nonsense feature of the normal sudo giving it a smaller attack surface than the normal sudo while still keeping the familiar commands and ease of use (that doas is somewhat lacking)
doasI keep seeing people promote doas, but is it really any more secure than sudo? besides just having less eyes on it?
sudo has a bunch of commands and features nobody (except the person who implemented it) has ever used, giving it quite a large surface of attack. doas is meanwhile much leaner and developed by the OpenBSD community, meaning if a feature has security concerns it won’t be implemented no matter how practical. sudo-rs somewhat of a middle ground between the two, not planning on implementing every single feature of sudo while keeping the same core commands and implementing the quality of life features doas doesn’t like because they’re insecure, and is the solution I personally use.
Subscribing to this question.
Ping, not an expert but at least my opinion
sudo-rsIs it better than doas?
It’s an implementation of sudo in Rust (because of course) that doesn’t implement every nonsense feature of the normal sudo giving it a smaller attack surface than the normal sudo while still keeping the familiar commands and ease of use (that doas is somewhat lacking)