How can bugs like this be prevented? Is the Linux/Unix "sudo" security model simply flawed?
If backward compatibility is not required, then OpenBSD's doas[0] may be a suitable alternative. Someone[1]'s ported it to other UNIX-like systems, though I don't know how good the port is.