{"id":19909057,"url":"https://github.com/dyne/sud","last_synced_at":"2025-09-09T11:43:05.948Z","repository":{"id":54735746,"uuid":"334432698","full_name":"dyne/sud","owner":"dyne","description":"minimalist sudo alternative: multi-user privilege escalation tool in three letters","archived":false,"fork":false,"pushed_at":"2022-07-05T23:31:16.000Z","size":264,"stargazers_count":10,"open_issues_count":7,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-07-10T15:20:32.736Z","etag":null,"topics":["privilege-escalation","shell","sudo"],"latest_commit_sha":null,"homepage":"https://sud.dyne.org","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dyne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-30T14:31:25.000Z","updated_at":"2024-05-17T02:52:53.000Z","dependencies_parsed_at":"2022-08-14T01:10:49.510Z","dependency_job_id":null,"html_url":"https://github.com/dyne/sud","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/dyne/sud","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fsud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fsud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fsud/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fsud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dyne","download_url":"https://codeload.github.com/dyne/sud/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fsud/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274291327,"owners_count":25258157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["privilege-escalation","shell","sudo"],"created_at":"2024-11-12T21:14:16.528Z","updated_at":"2025-09-09T11:43:05.923Z","avatar_url":"https://github.com/dyne.png","language":"HTML","readme":"# SUD :: Super User Do\n\nThis software aims to be a general implementation of a UNIX tool for\nprivilege escalation, mostly for didactic and frugal purposes. It is\ndesigned to run SUID, with \"super-user powers\" to execute things as\nroot on the system it is installed.\n\nIt will grant super user access to all users included in at least one system group named as `admin`, `wheel`, `sudo` or `sud`. Simple as that, no password asked.\n\n[![software by Dyne.org](https://files.dyne.org/software_by_dyne.png)](http://www.dyne.org)\n\n## Quick build\n\nClone the literate submodule: `git submodule update --init`\n\nInstall `dub` (the D language compiler)\n\nBuild the literate code parser: `make -C literate`\n\nBuild sud: `make release`\n\nOther build targets:\n\n```\nUsage:\n  make \u003ctarget\u003e CC=gcc (or clang)\n\nGeneral\n  codegen          Generate C code from literate file in src/\n  release          Build a dynamically linked release\n  debug            Build a shared binary with debugging symbols\n  install          Install the current build system-wide\n  clean            Clean the build\n  stamp            Generate a SHA512 hash and timestamp for the binary build\n  release-musl     Build a static release with musl\n  release-rpi      Build a static release with cross-pi\n  release-sign     Sign the SHASUMS on the uploaded release\n```\n\n## Motivation\n\nThis software is a direct response to the sudo tool which has been\nadopted by major Linux and BSD distros while augmenting its complexity\nand [collecting\nvulnerabilities](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sudo)\nlast not least\n[CVE-2021-3156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156).\n\nWith SUD I intend to finally act up and innovate this field of\ndevelopment considering we have been [relying for 10 years on a tool\nthat could have been trivially hacked all that\ntime](https://www.zdnet.com/article/10-years-old-sudo-bug-lets-linux-users-gain-root-level-access/).\n\n## Pros and cons\n\nSUD doesn't covers all use-cases addressed by alternatives, but a few\ncommon situations in which multi-user privilege isolation is a\nnecessary and sufficient condition to safely operate a local or remote\nmachine.\n\nBelow a short summary of pros (advantages) and cons (disadvantages) over\nexisting alternatives:\n\n### Pros compared to [sudo](https://www.sudo.ws/repo.html):\n\n- Easier audit thanks to literate development methodology.\n- Fewer lines of code, fewer features, fewer dependencies.\n\n### Pros compared to [doas](https://github.com/Duncaen/OpenDoas):\n\nNo configuration file, no parsers.\n\n### Pros compared to [sup](https://github.com/parazyd/sup) and [my own bloated sup](https://github.com/dyne/sup):\n\nRuntime configuration based on GID (well, not really an advantage,\nmore of a different approach for different use-cases).\n\n### Pros compared to all other implementations:\n\nPublic domain licensing\n\n### Cons:\n\n- Not heavily tested\n- Code may be improved in some places\n- Documentation needs more lovance and spell checking\n\n\n## Methodology\n\nSUD is software written following the\n[literate-programming](https://en.wikipedia.org/wiki/Literate_programming)\napproach and welcomes reviews and contributions.\n\nBefore using SUD you are supposed to [read its annotated source-code](https://sud.dyne.org).\n\n\n# Downloads\n\nSUD is distributed as a static binary for various platforms on\n[files.dyne.org/sud](https://files.dyne.org/sud)\n\nBinaries include [musl-libc](https://musl-libc.org) as a statically\nlinked component.\n\nTo start using sud on a 64bit GNU+Linux machine, simply do:\n\n```\ncurl https://files.dyne.org/sud/sud-x86-musl \u003e ~/Downloads/sud\n```\n\nOr on Apple/OSX:\n```\ncurl https://files.dyne.org/sud/sud-x86-osx \u003e ~/Downloads/sud\n```\n\nOr on a RaspberryPI (any version)\n```\ncurl https://files.dyne.org/sud/sud-arm-rpi \u003e ~/Downloads/sud\n```\n\nThen to activate it must be in the path and made SUID:\n```\nsudo install -m 4755 -o root -g 0 ~/Downloads/sud /usr/local/bin/sud\n```\n\nUse `vigr` or edit `/etc/group` to make sure your privileged users are in the `admin`, `wheel` or `sudo` groups.\n\nTo verify the binary integrity of SUD use `sud -v` and compare the SHA512 to the [hash published here](https://files.dyne.org/sud/SHASUMS.txt) and signed with [my gpg key](https://jaromil.dyne.org/jaromil.pub): it ties the binary to the `sud.c` sourcecode used to build it. Here a shell snippet that does just that:\n\n```\nhash=https://files.dyne.org/sud/SHASUMS.txt\necho \"Checking sud binary integrity from: $hash\\n\"\ncurl -s https://jaromil.dyne.org/jaromil.pub | gpg --import\ncurl -s $hash | gpg --verify\necho \"\\nReleases listed:\"\ncurl -s $hash | awk '/sud.c/ {print $0}'\necho \"\\nYours found at $(which sud):\"\nsud -v | awk '/sud.c/ {print $0}'\n```\n\n## How to build SUD from source\n\nSUD can either be built as a static executable (no dynamic linking of\nlibraries) or dynamically linked.\n\nLiterate programming source-code starts from documentation which is\nthen used to generate the source-code and a website. In case of SUD\nI'm using the [Literate Programming\nSystem](https://github.com/zyedidia/Literate) written in D, which is\nincluded as a submodule in the `literate` sub-folder. To make sure it is ready for use:\n\n1. install `gcc` or another C compiler\n2. install `dub` the D package registry and a D compiler\n3. make sure the `literate` git submodule is updated\n4. make -C literate to build the documentation tool\n5. type `make` to build sud\n6. type `sudo make install` to install sud with suid\n\nTead the [Makefile](Makefile) for other supported build targets.\n\nAll the above should be possible on any operating system, if you don't\nknow why is most likely because you don't know well enough the system\nyou are running. Go find out.\n\n## Work in progress?\n\nThis repository is maintained to improve the clarity of code and\neventually its security, would any flaws be found. It will not be\ndeveloped further: no new features, eventually less code.\n\nSUD is licensed as Public Domain in the hope to improve the awareness\nof how privilege escalation is done. The portability of SUD to any BSD\nand POSIX compliant system is a desirable feature and contributions\nare welcome.\n\nContribute via [issues](dyne/sud/issues) or by [sending me a private email](https://jaromil.dyne.org).\n\nI am also considering to write a new software following this effort: a very\nsecure alternative to sudo that covers some of its core features, plus\nadds new features and implements new ideas to grant the security of a\nUNIX privilege escalation tool on GNU/Linux and Apple/OSX.\n\nKeep an eye [here](https://github.com/jaromil/suca) in case you are interested.\n\n## License\n\nSUD is designed and written by Denis Roio \u003cJaromil @ dyne.org\u003e.\n\nSUD redistributes the [parg](https://github.com/jibsen/parg) library by Jørgen Ibsen.\n\nCode reviews were kindly contributed by members of the Veteran Unix Admins and the 2600 Hacker Quarterly online communities.\n\nSUD is Copyright (C) 2021-2022 by the Dyne.org foundation\n\n\u003cp xmlns:dct=\"https://purl.org/dc/terms/\" xmlns:vcard=\"https://www.w3.org/2001/vcard-rdf/3.0#\"\u003e\n  \u003ca rel=\"license\"\n     href=\"https://creativecommons.org/publicdomain/zero/1.0/\"\u003e\n    \u003cimg src=\"https://i.creativecommons.org/p/zero/1.0/88x31.png\" style=\"border-style: none;\" alt=\"CC0\" /\u003e\n  \u003c/a\u003e\n  \u003cbr /\u003e\n  To the extent possible under law,\n  \u003ca rel=\"dct:publisher\"\n     href=\"https://dyne.org\"\u003e\n    \u003cspan property=\"dct:title\"\u003eDyne.org foundation\u003c/span\u003e\u003c/a\u003e\n  has waived all copyright and related or neighboring rights to\n  \u003cspan property=\"dct:title\"\u003esud\u003c/span\u003e.\nThis work is published from:\n\u003cspan property=\"vcard:Country\" datatype=\"dct:ISO3166\"\n      content=\"NL\" about=\"https://dyne.org\"\u003e\n  The Netherlands\u003c/span\u003e.\n\u003c/p\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdyne%2Fsud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdyne%2Fsud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdyne%2Fsud/lists"}