This reiterates the idea that you should avoid rarely-used features of security-critical software, and is perhaps an argument that those features shouldn't exist in the first place. An extremely-minimal `sudo` alternative would be a nice idea.
Yep, one of the first things I did after OpenBSD switched was:
alias sudo='doas'
It's tough to remember to type 'doas' instead of 'sudo', especially when you use both Linux and OpenBSD all the time (which is why I also have a "doas" alias on my Linux hosts!).
Why change the name of the command just to switch to a different implemention? It should be possible to make a drop-in replacement for sufo itself in Rust or your favorite safe language, and a drop-in safe replacement is likely to get much more traction than some completely new thing.
doas is not intended to be a drop in placement for sudo. While the core feature (run a command as another user) is the same, many of the subfeatures are different.
That's my point: instead of telling everyone to switch to doas, which is a major disruption, someonee shold make a drop-in in sudo reimplementation, which can be used without disrupting existing workflows.
Instead if writing a drop-in replacement, which would be a lot of work, the authors wrote a replacement for the workflows they cared about, without nearly as much flexibility or complexity.
A 3rd party rewrite is a great time to assess what features are core features and which are extraneous. I haven't evaluated doas, but I'm definitely in favor of priviledged utilities having less code in general and having less complexity.
Sudo features exist for a reason. People use them. If you delete random features that you don't happen to use, the people who use sudo today won't switch to your new tool. It doesn't matter that in your opinion those missing features are unnecessary. You don't get to make the call.
If your goal is to eliminate unsafe C code from critical paths, you want a drop-in sudo replacement. If your goal is to just be opinionated, sure, make a non-sudo thing with a selection of features you personally consider important --- but don't be surprised if people keep using sudo.
Because sudo's full behavior is infamously complex. You might be able to make it better with a rewrite, but you're talking about a massive effort with significant risk, and all to reproduce a system that really should be redesigned to be easier to secure in the first place (hence doas).
