> On Linux systems, it is very common to use sudo for operations that require root permissions

Not common unless authors used Ubuntu desktop, which pushed sudo usage to the extremes. I don't even have it installed. However, frequent sudo usage usually indicates something is wrong with how you use the system, maybe account permissions or lack of knowledge of how to use it properly.

I don't want to come across as pedantic - the point I mean to make is that I think a lot of people use sudo without thinking about it much. Sudo's just "the way to use linux" for a lot of people I know.

I don't think the sudo contributors should be labelled as irresponsible, because everything they've added to the project is available for the public to see and scrutinise. I don't think they've ever mislead people; rather that people have assumed things.

Maybe people who care about security will notice now that sudo doesn't have comprehensive testing, and will make their own alternative.

On the other hand, I have seen excessive sudo usage only in Ubuntu and some Debian/Arch docs. Maybe, this is the reasoning behind their comment that sudo is frequently used.

<joke> Also, you can easily spot Ubuntu users: they'll type almost any command with sudo :D </joke>

I think sudo is often the wrong tool for what people are using it for today-- it's a tool to delegate on a multi-user system. But today people are most often applying it on a single(-ish) user system to raise or lower their permissions.

Ironically, most of the vulnerabilities that sudo has had aren't really of consequence in that modern single user usage: If the attacker can run code as the user, then they'll be able to take over any privilege raising process the user uses even if the 'sudo' tool were flawless.

Once you leave that use case the greater feature set of sudo (including, perhaps some of those crusty features you mention) has more applicability.

The thing to always keep in mind is that the programs cruft is substantially the body of its embedded knowledge. Some of that knowledge might be mistaken or outdated. If you really knew what parts were what-- you could just remove them.

If the rewrite isn't sure it can remove it and just replicates, it may not have understood the function's purpose enough to replicate it faithfully and could even introduce security problems (or cause users to introduce them by forcing them to bodge around configuration statements that no longer work).

But these days many computers are only used by one user.

Everything I care about on my computer is readable by my user and a program running as my user could put fake binaries in my path.

I was under the impression that different Linux userspaces sometimes implement these common commands differently. Like "ls" sometimes actually being aliased to a bash script, or maybe BSD having one implementation and Ubuntu another. Is that not the case? Is "sudo" not maintained by an entity like gnu, bsd, etc?

edit - in other words, I always assumed "sudo" was a highly-dependent system-level tool, not just some useful helper binary that is maintained by one independent person.

I feel like linux as a true multi-user system, especially to the level of having sudo access, is such a minority use case that I would never actually trust it in production.

From the article linked to this one, I get the distinct feeling that the author is talking about a few edge cases in the use of sudo.

I don't think 99% will care.

Somewhat like sudoedit.

This is of course for the corporate case of a less privileged user performing a certain task at elevated privileges. Not for the more common use of sudo (these days) of people managing their own personal machines.