What makes sudo so hard to secure? [closed]
Sudo has been with us for over 40 years, and it has several CVEs reported and fixed every year. The tool must have been in the spotlight for its inherent involvement in computer security and widespread use, so one might be tempted to believe that the majority of security flaws have been identified by now. It is unrealistic to expect zero vulnerabilities to be found after a certain point in time, but a distinct drop in their frequency is what I would guess would have happened in the past.
Now, I cannot deny the hard work that has been invested into this project over all those years or criticize its current or past shape.
What are the challenges for sudo in particular (apart from the obvious ones like sizable code base, low-level programming language used, etc.) that are making sudo seemingly harder to secure than other projects of similar size or complexity?
