24·
5 months agoEveryone is focusing on the fact that this us C vs rust. The original sudo has issues on its own. Its a large code base that does lots of things and has inherent security vulnerabilities.
Sudo is worth redoing regardless of language.
https://linuxsecurity.com/news/security-vulnerabilities/sudo-flaws-linux-privilege-at-risk
I used this guide to use traefik with a wildcard certificate from let’s encrypt that is internal only. So I have
Immich.domain.com
And also
Vault.local.domain.com
This allows something like vaultwarden to only be accessible on my internal LAN while something like immich is exposed so I can share albums with anyone I want.
If I want to connect to vaultwarden while away from home, I connect to wireguard first then access via the local URL.
In docker I don’t even close the app’s ports, so even locally everything has SSL everywhere.
https://youtu.be/liV3c9m_OX8