
Secure Code Is Hard, Let’s Make It Harder - joshbaptiste
http://emergentchaos.com/archives/2016/02/secure-code-is-hard-lets-make-it-harder.html
======
cyphar
The example of sudo is not a good one. Sudo actually has an incredibly large
feature set, most of which is related to it having fine-grained access
control. Things like "sudo -e" allow a sysadmin to allow a user to only modify
_certain files_ using their editor (while the editor itself doesn't run as
root so it can execute malicious code as root). Sudo is a very cool program
(there's even a book on it by the OpenBSD guy who maintains it IIRC). The
point being there's a reason for the complexity, and pretending that the
solution to making secure programs is to make them simple is ignoring the
constraints of the real world. We need complex programs that are also secure.
Yes, security is hard; if it weren't, lots of people I know would be out of a
job.

~~~
matejn
Well, OpenBSD deprecated sudo(1) in the base install in favor of the vastly
simpler doas(1), because of complexity concerns.

Sudo is now available only as a port/package.
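To make the contrast between the two comments concrete, here is an added illustration (not part of the thread, and not taken from either project's documentation) of the "edit only certain files" policy cyphar describes, written once as a sudoers rule and once as the closest doas.conf equivalent. The user name `alice`, the file `/etc/hosts` and the editor path `/usr/bin/vi` are placeholder values chosen for the example.

```text
# --- /etc/sudoers (sudo) ---
# The sudoedit pseudo-command lets alice edit /etc/hosts and nothing else.
# sudo copies the file to a temporary location, runs her editor as alice
# (not as root), and only the final write-back of the file happens as root.
alice ALL = sudoedit /etc/hosts

# --- /etc/doas.conf (doas, OpenBSD) ---
# doas has no equivalent of sudoedit. The nearest rule is to permit one
# exact command line, but here the editor process itself runs as root,
# so anything the editor can do (open other files, spawn a shell) is
# done with root's privileges. The "persist" option caches the password
# for a short time, as sudo's timestamp does.
permit persist alice as root cmd /usr/bin/vi args /etc/hosts
```

The first rule is the feature cyphar is defending: the privilege boundary sits around a single file copy-back rather than around an interactive editor. The second shows the trade doas makes for its small configuration language; an administrator who needs the sudoedit property has to get it from somewhere else (for example by permitting a narrowly scoped, non-interactive command instead of an editor).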

