Testing the memory safe Rust implementation of Sudo/Su

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • Onboard AI - Learn any GitHub repo in 59 seconds
  • InfluxDB - Collect and Analyze Billions of Data Points in Real Time
  • SaaSHub - Software Alternatives and Reviews
  • sudo-rs

    A memory safe implementation of sudo and su.

    The dependency list[0] looks pretty reasonable, AFAICT the overwhelming majority of that line-of-code count comes from autogenerated Windows API methods.

    [0]: https://github.com/memorysafety/sudo-rs/blob/60985b2f5f7ffa8...

  • OpenDoas

    A portable fork of the OpenBSD `doas` command

    If you want to move away from Sudo, but don't want to try this rust implementation just yet, I have had great success with OpenBSD's doas. It has been ported to every Linux distro I know of as well:


  • Onboard AI

    Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev.

  • doas

    A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, and illumos

    There's also a straight port of doas:


    However unlike sudo and opendoas this does not implement the persist feature on not-OpenBSD.

  • Cargo

    The Rust package manager

    You're probably running into this: https://github.com/rust-lang/cargo/issues/7058

    `cargo vendor` will download dependencies for all platforms, which leads to a lot of unused code being pulled in. In this case, the Windows API and Microsoft compiler wrappers.

    In this instance, during the build process "tempfile" is used as a dev-dependency, which has a runtime dependency on windows-sys when compiling Windows binaries. I'm not entirely sure why (commenting it out in Cargo.toml doesn't seem to break the build).

    After commenting it out and manually removing the spurious Windows API files as well as the unrelated packages (ctor diff output_vt100 pretty_assertions proc-macro2 quote syn unicode-ident yansi), I get the following results:

              0.0358 secs

  • sudo

    Utility to execute a command as another user


    As a comparison, this is the output for https://github.com/sudo-project/sudo:

           0.0439 secs

  • tempfile

    Temporary file library for rust

    The sudo-rs Cargo.toml [1] file seems very reasonable. This is the curse of being cross platform. The inclusion of https://github.com/Stebalien/tempfile as a dependency is responsible for the overwhelming majority of lines due to including *-sys crates for multiple OSs.

    ~/Code/tempfile !! tokei vendor

  • sudo

    Utility to execute a command as another user (by millert)

    I'm not sure, I only see static analysis and fuzzing workflows in the CI on GitHub [1].

    [1] https://github.com/millert/sudo/actions

  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts