Well, it's also a suid binary, thus it's very safety critical on unix-systems. s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hannob on April 29, 2023 \| parent \| context \| favorite \| on: sudo and su Being Rewritten in Rust for Memory Saf... Well, it's also a suid binary, thus it's very safety critical on unix-systems. su isn't as complex as sudo, so there's less reason to create a "simpler su", but still, a memory safe su seems like a good idea. And given su and sudo provide similar functionality, doing them together likely creates synergies and code that can be shared.

lamontcg on April 29, 2023 [–]

And su has to be setuid root and is pretty much mandatory and if you can exploit a bug in it you've got local privilege escalation. I don't know selinux/apparmor well but I imagine su is granted the permission to create root shells, because of course it does, so any exploit will punch through all that as well.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact