Testing the memory safe Rust implementation of Sudo/Su

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Rust Build system Filesystem doas Temporary Files

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • sudo-rs

    A memory safe implementation of sudo and su.

    • The dependency list[0] looks pretty reasonable, AFAICT the overwhelming majority of that line-of-code count comes from autogenerated Windows API methods.

    [0]: https://github.com/memorysafety/sudo-rs/blob/60985b2f5f7ffa8...

  • OpenDoas

    A portable fork of the OpenBSD `doas` command

    • If you want to move away from Sudo, but don't want to try this rust implementation just yet, I have had great success with OpenBSD's doas. It has been ported to every Linux distro I know of as well:

    https://github.com/Duncaen/OpenDoas

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • doas

    A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, and illumos

    • There's also a straight port of doas:

    https://github.com/slicer69/doas/

    However unlike sudo and opendoas this does not implement the persist feature on not-OpenBSD.

  • Cargo

    The Rust package manager

    • You're probably running into this: https://github.com/rust-lang/cargo/issues/7058

    `cargo vendor` will download dependencies for all platforms, which leads to a lot of unused code being pulled in. In this case, the Windows API and Microsoft compiler wrappers.

    In this instance, during the build process "tempfile" is used as a dev-dependency, which has a runtime dependency on windows-sys when compiling Windows binaries. I'm not entirely sure why (commenting it out in Cargo.toml doesn't seem to break the build).

    After commenting it out and manually removing the spurious Windows API files as well as the unrelated packages (ctor diff output_vt100 pretty_assertions proc-macro2 quote syn unicode-ident yansi), I get the following results:

              0.0358 secs

  • sudo

    Utility to execute a command as another user

    • └───────────────────────────────────────────────────────────────────────────────────────┘

    As a comparison, this is the output for https://github.com/sudo-project/sudo:

           0.0439 secs

  • tempfile

    Temporary file library for rust

    • The sudo-rs Cargo.toml [1] file seems very reasonable. This is the curse of being cross platform. The inclusion of https://github.com/Stebalien/tempfile as a dependency is responsible for the overwhelming majority of lines due to including *-sys crates for multiple OSs.

    ~/Code/tempfile !! tokei vendor

  • sudo

    Utility to execute a command as another user (by millert)

    • I'm not sure, I only see static analysis and fuzzing workflows in the CI on GitHub [1].

    [1] https://github.com/millert/sudo/actions

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts