We're reverting back from doas to sudo, this time choosing sudo-rs as our implementation.
Read our latest blog post for our reasoning.

https://postmarketos.org/edge/2026/03/18/sudo-rs-instead-of-doas/

New postmarketOS installations now by default use sudo-rs instead of doas

@postmarketOS tbh if you have systemd just use run0 it comes free with your systemd

@zaire @postmarketOS We didn't want to switch to run0 on systemd because we wouldn't be able to do that with OpenRC, and having diff privilege escalation tools per service manager would just confuse people (and us). There's also the issue of there not really being a sudo shim for it like doas (even though a few of us are working on one), so it can't be used as a drop-in replacement. I like run0, but it isn't practical at the moment.

Check out:
https://gitlab.postmarketos.org/postmarketOS/pmaports/-/issues/4144
https://gitlab.postmarketos.org/postmarketOS/pmaports/-/merge_requests/7967

Consider switching back from doas to sudo (#4144) · Issues · postmarketOS / pmaports · GitLab

@postmarketOS Interesting, what about run0?

@postmarketOS leaving doas for sudo-rs for security is a bit of a wild take

sudo-rs is the least secure of the three, as of this moment

@SRAZKVT @postmarketOS I wonder how you'd support that claim

@natty @postmarketOS sudo-rs is new and doesn't have the history of bugfixes of sudo, and doas is much simpler in design than either of the two others, therefore having a smaller and more straightforward codebase

even without any vulnerability, a sudo implementation will always be less secure than something like doas, as the config format is significantly more complex, and therefore more prone to user errors

@natty @postmarketOS @SRAZKVT

sudo itself is wildly complex, with a huge machinery for policy decision making, sudo-rs is that, but with fresh untested code

doas is so simple there's not a lot of places for really bad bugs to happen

though the truly "secure" solution is something that isn't setuid, skarnet's sudod or ariadne's capsudo likely fare better, but they're also relatively newer projects compared to doas

@navi @natty @postmarketOS @SRAZKVT I should read through doas at some point.

@postmarketOS now we need the inverse shim so one could type "doas" to use sudo xD

@postmarketOS this seems pretty wild especially considering that one of the exploits made possible by CrackArmor makes use of one of sudo's functionalities which has nothing to do with it being written in C, and would be present also in a Rust port.

It may be true that Linux ports of doas may be receiving less attention, but it's undeniable that this is also because, well, they just don't require as much maintenance. And, in any case, backporting fixes by OpenBSD is way easier than having to deal with the mess that sudo will inevitably cause again at some point in the future.