PCLinuxOS devs make the point quite well: https://pclosmag.com/html/Issues/201205/page11.html

Nice. I know Old-P from back in the day, brilliant and ornery, lol, he and Bill were like a one-two punch of cantankerous, but I reckon all Linux folk are to some level. Good sense of humor though the both of them, I learned a lot from those guys. And i'm still in agreement about sudo after all these years.

Although it doesn't give quite such fine control as ACF2 on a MVS cum z/OS system. But that's a very different ball game.

Exactly what it was written for.

Well it's kind of down to interpretation:

https://www.sudo.ws/

I think that sums it up well.  But while the functionality to give a user the privileges to run all commands as root is there, that doesn't necessarily mean it's a good idea.  It's just a statement of fact that it can be used for that (the rm command can also be used to delete all of your files, or just one, for example).

sudo has been around for a very long time:

So, yes not really needed for or designed for domestic / home users PCs.

Canonical/Ubuntu and a few others utilised it simply as a means to eliminate / hide the root account, in order to appease migrants from Windows, and to implement an environment with more "hand holding" (protecting users from themselves).  This was all based on the idea that users new Linux would do stupid things, such as running an X session or file manager as root.  From this you'd get breakage, and inevitably "back to Windows", which equates to bad press / reputation for the distribution - something Canonical as a commercial entity had wanted to avoid.

I would not rank sudo alongside other controversial or problematic software, such as systemd, wayland, pulseaudio, rust, etc...  and in the grand scheme of things, sudo's security track record isn't bad, when compared to those and to the Linux kernel itself.

But, if you don't use it, then I believe it's wise to remove it - that is if you're certain it's not being used by a script you may use/depend on without knowing it.

Exactly what it was written for.
I have a long list in sudoers.d, some with, some without PW, for myself.
As an added value, the auditing is also a helpful tool for remembering what was and when.

PCLinuxOS devs make the point quite well: https://pclosmag.com/html/Issues/201205/page11.html

Best,

A.

# ls -la /usr/bin/sudo
-rwsr-xr-x 1 root root 257136 Jun 30 18:25 /usr/bin/sudo*
[manjaro-vm testuser1]# chmod -s /usr/bin/sudo
[manjaro-vm testuser1]# ls -la /usr/bin/sudo
-rwxr-xr-x 1 root root 257136 Jun 30 18:25 /usr/bin/sudo*

After removing the suid permission it is a good idea to block sudo from being updated to avoid that the next update changes the permission back again.

Without the suid permission sudo becomes harmless and useless as it can't elevate it's privileges to root anymore.

I think sudo has a bad press because of the association with Ubuntu - even though it was actually developed by an OpenBSD developer and the Ubuntu default configuration of sudo actually makes no sense, unless one specifically wants the auditing - otherwise su will suffice.

Aside from the above, sudo makes sense in settings where you want to alliow someone to carry out a specific task, which requires root privileges, without giving them root.

Truthfully, most software has vulnerabilities unless it doesn't connect to something that doesn't do anything online.

Although I suppose it could be more indirect than that.

To add some much needed perspective:

https://www.cvedetails.com/vendor/15714/
https://www.cvedetails.com/vendor/33/Linux.html

Yet none here seem concerned about running the Linux kernel...

I use that even on devuan/gnuinos

With jwmkit combined with doas, I can shutdown properly or poweroff properly.

I cannot make heads or tails on how to do the same thing with sudo lol. There is just too much to sort out  in that  sudoers file

xD

so

enjoy

keyword(s): sudo make me a sandwich & santa claus naughty list

(I duck-searched the CVE with the words 'debian security' - first hit.)

Nah ...
It was a fluke.

Probably remembered to take the green one this morning.
Or was it the red one? Can't recall.

That said, what's wrong with the proven and reliable chroot that it now has to have such a useful feature?
It never ends, does it?

Best,

A.

Hmm ....
What'chu talkin' 'bout, Willis?

Oh, right ...
Taken care of.

Best,

A.