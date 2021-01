Armenius said: To an outsider looking in it seems something that would have been obvious. Especially looking at the actual code.

There's plenty of stuff that is obvious when you know what to look for, invisible when you don't. This is likely one of those. It is also possible that it is simply code that almost nobody looks at. The "many eyes" claim of OSS is a myth. While anyone CAN review any code, that doesn't mean everyone DOES or the people that do are any good. You get some projects where there is one dude who works on it, and nobody else ever looks at it because they don't care.

Now for a tool as fundamental as sudo, it has probably been formally audited by companies like IBM and Red Hat, and probably also by places like the NSA. So it may just be that this is obvious since you have been told what to look for and where, but if you didn't know, it passed unnoticed even to experts.