This software aims to be a UNIX tool for generic secure usage when in need of privilege escalation. It is designed to run SUID, with "super-user powers" to execute things as root on the system where it is installed.
SUD is designed for security: it leverages all possible measures to avoid vulnerabilities, primarily the reduction of complexity in its own design and implementation.
SUD is software written following the literate-programming approach and welcomes reviews and contributions, also anonymous ones.
You are welcome to read SUD's source-code and documentation.
SUD is licensed as Public Domain in the hope of improving the security of UNIX systems at large. The portability of sud to any BSD and POSIX compliant system is a desirable feature and contributions are welcome.
SUD is distributed as a static binary for various platforms on files.dyne.org/sud
Binaries include musl-libc as a statically linked component.
To start using sud on a 64bit GNU+Linux machine, simply do:
curl https://files.dyne.org/sud/sud_x86_64 > ~/Downloads/sud
sudo install -o root -g root -m 4775 ~/Downloads/sud /usr/local/bin
Use vigr or edit /etc/group to make sure your privileged users are in the sudo or wheel groups.
To verify the binary integrity of SUD use sud -v and compare the SHA512 to the hash published here and signed with my gpg key: it ties the binary to the sud.c source code used to build it. Here is a shell snippet that does just that:
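hash=https://files.dyne.org/sud/SHASUMS.txt
# import the signing key, then check the signature on the published hash list
curl -s https://jaromil.dyne.org/jaromil.pub | gpg --import
curl -s "$hash" | gpg --verify
# print the published sud.c hash and the one reported by the binary, to compare
curl -s "$hash" | awk '/sud.c$/ {print $0}'
sud -v | awk '/sud.c/ {print $0}'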
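The snippet above prints the two hashes for comparison by eye and downloads the hash list twice. The following is an added example, not part of the SUD project, that downloads the list once, keeps only the text covered by the signature, and compares the digests automatically, failing on any mismatch. The function names are hypothetical, and it assumes SHASUMS.txt is clearsigned and that the sud.c line carries the SHA512 as a 128-character hex token:

```shell
#!/bin/sh
# Added example, not SUD project code.
# Assumptions: SHASUMS.txt is a clearsigned text file, and the line naming
# sud.c carries the SHA512 as a 128-character hex token in both inputs.

# Read text on stdin; print the single SHA512 found on lines naming sud.c.
# Fails when there is no digest or more than one distinct digest.
sud_c_digest() {
    digests=$(grep 'sud\.c' | grep -owE '[0-9A-Fa-f]{128}' | tr 'A-F' 'a-f' | sort -u)
    [ -n "$digests" ] || return 1
    [ $(printf '%s\n' "$digests" | wc -l) -eq 1 ] || return 1
    printf '%s\n' "$digests"
}

# $1: file with the signed hash list, $2: file with `sud -v` output.
sud_digests_match() {
    published=$(sud_c_digest < "$1") || return 1
    installed=$(sud_c_digest < "$2") || return 1
    [ "$published" = "$installed" ]
}

# Online check: one download, signature verified on that same copy.
verify_sud() {
    tmp=$(mktemp -d) || return 1
    rc=1
    # --decrypt on a clearsigned file emits only the signed text and fails
    # on a bad or unverifiable signature. It accepts any key in the keyring,
    # so confirm the imported key's fingerprint out of band first.
    if curl -fsS -o "$tmp/SHASUMS.txt" https://files.dyne.org/sud/SHASUMS.txt &&
       gpg --batch --decrypt "$tmp/SHASUMS.txt" > "$tmp/signed.txt" 2>/dev/null
    then
        sud -v > "$tmp/installed.txt" 2>&1 || true
        sud_digests_match "$tmp/signed.txt" "$tmp/installed.txt" && rc=0
    fi
    rm -rf "$tmp"
    return "$rc"
}
# Usage: verify_sud && echo "sud matches the signed sud.c hash"
```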
This software is a direct response to the sudo tool, which has been adopted by major Linux and BSD distros while augmenting its complexity and collecting vulnerabilities, last but not least CVE-2021-3156.
With SUD I intend to finally act up and develop something different, considering we have been relying for 10 years on a tool that could have been trivially hacked all that time. In doing so I do not intend to cover all use-cases addressed by sudo and its plugins, but only the most common one of allowing a specific user to execute commands as root or as another user.
SUD takes inspiration from the suckless tool sup and welcomes contributions from coders who are well inclined to be suckless.
SUD will never, ever include integrations with systemd.
Literate programming source-code starts from documentation which is then used to generate the source-code and a website. In case of SUD I'm using the Literate Programming System written in D, which is included as a submodule in the literate sub-folder. Also Pandoc is needed to render the README into its homepage. To make sure it is ready for use:
- dub the D package registry
- pandoc for markdown rendering
- literate git submodule is initialised and updated
- make
All the above should be possible on any operating system; if you don't know why, it is most likely because you don't know the system you are running well enough. Go find out.
If you are watching this repo right now it means you are really interested in the topic or have been contacted by one of us. Please signal yourself with an issue and be welcome to entertain the merry folks gathering around this campfire.
SUD is designed and written by Denis Roio <Jaromil @ dyne.org>
SUD is Copyright (C) 2021 by the Dyne.org foundation
To the extent possible under law, Dyne.org foundation has waived all copyright and related or neighboring rights to sud. This work is published from: The Netherlands.