SUD :: Super User Do

This software aims to be a UNIX tool for generic secure usage when in need of privilege escalation. It is designed to run SUID, with "super-user powers" to execute things as root on the system where it is installed.

Methodology

SUD is designed for security: it leverages all possible measures to avoid vulnerabilities, primarily the reduction of complexity in its own design and implementation.

SUD is software written following the literate-programming approach and welcomes reviews and contributions, including anonymous ones.

You are welcome to read SUD's source-code and documentation.

SUD is licensed as Public Domain in the hope of improving the security of UNIX systems at large. The portability of sud to any BSD and POSIX compliant system is a desirable feature and contributions are welcome.

Downloads

SUD is distributed as a static binary for various platforms on files.dyne.org/sud

Binaries include musl-libc as a statically linked component.

To start using sud on a 64bit GNU+Linux machine, simply do:

curl https://files.dyne.org/sud/sud_x86_64 > ~/Downloads/sud
sudo install -o root -g root -m 4775 ~/Downloads/sud /usr/local/bin

Use vigr or edit /etc/group to make sure your privileged users are in the sudo or wheel groups.

To verify the binary integrity of SUD, use sud -v and compare the SHA512 to the hash published here and signed with my gpg key: it ties the binary to the sud.c source code used to build it. Here is a shell snippet that does just that:

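# URL of the signed list of checksums
hash=https://files.dyne.org/sud/SHASUMS.txt
# import the signing key, then check the signature on the checksum list
curl -s https://jaromil.dyne.org/jaromil.pub | gpg --import
curl -s "$hash" | gpg --verify
# print the published hash of sud.c ...
curl -s "$hash" | awk '/sud.c$/ {print $0}'
# ... and the one built into the installed binary, to compare by eye
sud -v | awk '/sud.c/ {print $0}'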
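
The comparison above can also be automated so that it fails closed. The following is an added example, not part of SUD or its README: it downloads SHASUMS.txt once, uses only the text gpg has signature-checked, and compares the sud.c hash with the one from sud -v. It assumes SHASUMS.txt is clearsigned or inline-signed (as piping it to gpg --verify implies) and that both sources put the 128-hex-digit SHA512 on a line naming sud.c; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: fail-closed comparison of the signed sud.c hash with `sud -v`.

# Read text on stdin; print the first 128-hex-digit field found on a line
# that names sud.c (and not e.g. sud.conf), lowercased.
# Assumption: the SHA512 appears as a whitespace-separated hex field.
sudc_hash() {
    awk '/sud\.c([^A-Za-z0-9._-]|$)/ {
        for (i = 1; i <= NF; i++)
            if (length($i) == 128 && $i ~ /^[0-9A-Fa-f]+$/) {
                print tolower($i)
                exit
            }
    }'
}

# hashes_match PUBLISHED_TEXT REPORTED_TEXT
# Succeeds only when both texts yield a hash and the two are identical.
hashes_match() {
    published=$(printf '%s\n' "$1" | sudc_hash)
    reported=$(printf '%s\n' "$2" | sudc_hash)
    [ -n "$published" ] && [ -n "$reported" ] && [ "$published" = "$reported" ]
}

# Download once, keep only what gpg emits after a good signature check,
# then compare against the hash embedded in the installed binary.
verify_sud() {
    url=https://files.dyne.org/sud/SHASUMS.txt
    tmp=$(mktemp) || return 1
    curl -fsS "$url" -o "$tmp" || { rm -f "$tmp"; return 1; }
    # gpg --decrypt prints the signed text and exits non-zero on a bad
    # or uncheckable signature, so $signed is never unverified content.
    if ! signed=$(gpg --decrypt "$tmp" 2>/dev/null); then
        rm -f "$tmp"
        echo "signature check failed" >&2
        return 1
    fi
    rm -f "$tmp"
    if hashes_match "$signed" "$(sud -v)"; then
        echo "sud.c hash matches the signed SHASUMS.txt"
    else
        echo "MISMATCH: hash missing or different" >&2
        return 1
    fi
}
```

Call verify_sud after importing the signing key. A good signature only shows that some key in your keyring signed the file, so confirm the key's fingerprint through a separate channel.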

Motivation

This software is a direct response to the sudo tool, which has been adopted by major Linux and BSD distros while growing in complexity and collecting vulnerabilities, last but not least CVE-2021-3156.

With SUD I intend to finally act up and develop something different, considering we have been relying for 10 years on a tool that could have been trivially hacked all that time. In doing so I do not intend to cover all use-cases addressed by sudo and its plugins, but only the most common one of allowing a specific user to execute commands as root or as another user.

SUD takes inspiration from the suckless tool sup and welcomes contributions from coders who are well inclined to be suckless.

SUD will never, ever include integrations with systemd.

How to build SUD from source

Literate programming source-code starts from documentation, which is then used to generate the source-code and a website. In the case of SUD I'm using the Literate Programming System written in D, which is included as a submodule in the literate sub-folder. Pandoc is also needed to render the README into its homepage. To make sure it is ready for use:

  1. install dub, the D package registry
  2. install pandoc for markdown rendering
  3. make sure the literate git submodule is initialised and updated
  4. type make

All the above should be possible on any operating system; if you don't know why, it is most likely because you don't know the system you are running well enough. Go find out.

Work in progress

If you are watching this repo right now it means you are really interested in the topic or have been contacted by one of us. Please signal yourself with an issue and be welcome to entertain the merry folks gathering around this campfire.

License

SUD is designed and written by Denis Roio <Jaromil @ dyne.org>

SUD is Copyright (C) 2021 by the Dyne.org foundation

CC0
To the extent possible under law, Dyne.org foundation has waived all copyright and related or neighboring rights to sud. This work is published from: The Netherlands.