Sudo must be the program with the largest number of buffer overflows I’ve heard about. That news has been repeating itself for as long as I can remember.

Maybe a good time to plug doas, a simpler alternative to sudo from the OpenBSD folks[1], developed partly due to security fears about sudo. It’s also been ported to Linux and is available in e.g. Alpine and Debian.

[1]: <https://flak.tedunangst.com/post/doas>
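To make the "simpler" claim concrete, here is a small doas.conf with the equivalent sudoers lines in comments. This is an added example, not part of the thread or of the doas project; the user name alice and the nginx service are assumptions, and the sudoers equivalents are the straightforward translations, not the only way to write them.

```conf
# /etc/doas.conf (added example; rules are matched last-match-wins)

# Members of group wheel may run anything as root, entering their own
# password; "persist" caches the authentication like sudo's timestamp.
# sudoers: %wheel ALL=(ALL) ALL
permit persist :wheel

# alice (assumed user) may restart nginx (assumed service) as root with
# no password, and only with exactly these arguments.
# sudoers: alice ALL=(root) NOPASSWD: /usr/sbin/service nginx restart
permit nopass alice as root cmd /usr/sbin/service args nginx restart

# Everything not matched above is denied; doas has no implicit allow.
```

Check the file before relying on it: `doas -C /etc/doas.conf` parses it and reports syntax errors, and `doas -C /etc/doas.conf -u root /usr/sbin/service nginx restart` (run as alice) prints `permit nopass`, `permit` or `deny` without executing anything. One caveat for the Linux ports: `persist` needs support that is only present on OpenBSD or in OpenDoas builds configured with it, so a rule using it may be rejected by `-C` on a distribution package.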

To put the relative simplicity into perspective, here is the official GitHub mirror of sudo:

https://github.com/sudo-project/sudo

On the contributors tab:

https://github.com/sudo-project/sudo/graphs/contributors

We can see that sudo has been maintained by one person for ~29 years, who has single-handedly committed ~2,936,000 changes over that time, resulting in a net increase of ~480,000 lines. It is also being actively developed, with ~270,000 changes resulting in a net increase of ~40,000 lines in the last twelve months.

In contrast, doas is, just eyeballing it, maybe ~500 lines and at most 1000 lines altogether.