trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.

Making sudo `exec` module available as a command execution library #878

Open LeChatP opened 5 days ago

LeChatP commented 5 days ago

Describe the feature you'd like see implemented in sudo-rs

As the RootAsRole developer and a PhD student, I have created an alternative to sudo. This alternative is much more developed in terms of privilege and policy management. However, its management of process execution lacks the security features and knowledge that sudo has accumulated over the last 30 years. In this context, it could be great to make the `exec` module available for everyone. I could manage to write this module myself, but firstly, I'd rather not reinvent the wheel, and secondly, I can't guarantee that this new implementation is as secure as the current sudo implementation.

What problem can be solved with this feature? Making sudo's `exec` module available in a library would allow developers like me to avoid reinventing the wheel and focus on access control features, while staying updated about security insights and fixes, and, on the other side, proposing other fixes and maybe features.

Describe alternatives you've considered There is no complete command execution library that manages all the functions offered by a terminal and Linux/BSD kernel in a secure way.

Additional context As a PhD student in access control, I can't work on this specific feature. My research is about how to manage administrative tasks on modern operating systems; my objective is to give administrators the ability to apply least privilege on themselves while keeping their initial habits.

Thank you very much; thanks to you I've been able to get a better understanding of how the sudo code works, and to better understand the subtleties of this complex code.

squell commented 4 days ago

When discussing future directions with the team last year, identifying areas of the sudo-rs code base that are "useful in their own right" and making those available was something that we explicitly discussed as something we wanted to do. This suggestion fits in nicely with that idea. (I think we were thinking mostly about our PAM-interface, but I can see how the exec module could be useful as well.)

What I think could be helpful input here is the kind of API you would want for this module; i.e. which knobs do you want to be able to turn? (Right now I believe the `exec` module might still be a bit closely-but-not-too-closely tied to the sudoers configuration.)

LeChatP commented 4 days ago

In fact, I've already taken some of your existing rpassword implementation (here). So yup, it is a good idea to make sudo modules available as libs!

The `exec` module, in particular, stands out for its ability to securely manage signals, termios, and pty, all of which are critical to safely handling privileged command execution. I've spent a lot of time trying to work with `std::process::Command` variants, but there are always pieces missing when it comes to handling these lower-level features. So I thought: what about making another command execution library? And then I realised that sudo-rs had already developed this pretty well :smile:

The actual dream is to do `cargo add sudo-rs` on the project and just call something like:

```rust
sudo_rs::exec::execute(std::process::Command, /* something here to define whether you use a pty, chdir, login, the actual path, etc. */)
```

Or maybe just extend the `Command` paradigm... But in this case I fear that it introduces the "Large Class" code smell.