deadbeef79000 14 points 15 hours ago

The size of the code base and therefore attack surface.

The sudo source code is approximately 160,000 lines of C.

Doas was written for OpenBSD (after the OpenBSD project decided sudo was too large to ship in the system base) with a source code of roughly 500 lines of C.

Obviously those extra lines of code bring features to sudo that doas doesn't have.

save

path: 0 24385052, hotness: undefined, score: 14, children: 8

HelloRoot 6 points 14 hours ago

The list of functional differences is too long to write here. I'm sure you can ask some llm to do the google search for you and it will shit out an ungodly amount of differences.

But I'd say roughly they are about:

how you configure it (sudo has a much more complex and expressive syntax, doas needs many more lines for the same result)
how it preserves env variables (sudo has more options for that, it excludes some by default while keeping others and can spawn subshells differently with -l -i)
how it does persisting authorization over some period of time :

doas on OpenBSD caches via a kernel API.

The slicer69 portable doas port has no persist on Linux/FreeBSD - you re-enter your password every invocation.

OpenDoas implements persist via timestamp files, similar to sudo but with fewer tuning options.

save

path: 0 24385052 24385872, hotness: undefined, score: 6, children: 4

TheViking 3 points 12 hours ago

You explained very well, this being an intensely technical subject. And you're absolutely correct about LLMs.

Now, which one do you think would be better, considering the fact that l wish to challenge my learning curve ???

save

path: 0 24385052 24385872 24387846, hotness: undefined, score: 3, children: 1

mmmm 3 points 12 hours ago

Plus doas does not have insults (?)

save

path: 0 24385052 24385872 24387191, hotness: undefined, score: 3, children: 0

ryannathans 1 point 10 hours ago

For an LLM comparison, this is what I get from haiku

sudo is older, more complex, and feature-rich, while doas is newer, simpler, and security-focused.

Core distinctions:

Code size & complexity: doas has roughly 700 lines of code versus sudo's 100,000+ lines, making doas easier to audit and maintain.

Configuration: sudo uses the complex sudoers file with intricate syntax; doas uses a simpler doas.conf file that's more straightforward to read and write.

Security philosophy: doas was designed with security-first principles, minimizing potential attack surface. sudo accumulated features over decades, increasing complexity and potential vulnerabilities.

Feature set: sudo has advanced features like session recording, plugins, authentication caching, and detailed logging. doas is minimalist—it handles the essential privilege escalation task without extras.

Adoption: sudo is ubiquitous across Linux and Unix systems. doas is less common but gaining traction, particularly on OpenBSD (where it originated) and among security-conscious users.

Performance: doas is faster and lighter, while sudo carries more overhead.

In practice, doas works well for straightforward privilege escalation needs, while sudo is better if you need advanced features or broader compatibility.

save

path: 0 24385052 24385872 24389028, hotness: undefined, score: 1, children: 0

TheViking 4 points 14 hours ago

Attack surface means ?

save

path: 0 24385052 24385215, hotness: undefined, score: 4, children: 1

deadbeef79000 11 points 14 hours ago

More code means there's more room for bugs and security flaws that can be exploited, and it's more difficult to reason about the code to find those flaws.

The general security jargon for that concept is 'attack surface'.

save

path: 0 24385052 24385215 24385264, hotness: undefined, score: 11, children: 0

NinjaTurtle 3 points 7 hours ago

Is there any particular features that are noticeably missing, right off the bat?

save

path: 0 24385052 24391061, hotness: undefined, score: 3, children: 0