Submitted by emma in technology
flabberghaster wrote
Yeah I installed Alpine Linux on my Raspberry Pi and it comes with doas instead of sudo, and I noticed that Arch has doas available, and doas is the new hotness (I guess it's not that new on BSD but I don't use BSD much). It's smaller, fewer features and thus less attack surface, so I was like hey, yeah let me install that.
But Arch has some hard dependencies on sudo, so you can't remove it (you can but not if you want certain build-related packages to be installed)... so that means I would have both sudo and doas, which means I now would have two setuid programs, increasing rather than decreasing any hypothetical attack surface.
I will say there is a very good reason to do the auth daemon approach rather than a setuid root thing and I had to do a lot of work on a project at work due to the security aspects of it. We were shipping all these giant sudoers files that had the whole kitchen sink in them because we had to have some system setup stuff running, and it was a whole thing, so they ended up creating an auth daemon that sends an RPC request to a privileged server to actually execute commands as root; I don't think run0 existed then. Or we didn't know about it anyway. And it was for daemons, not users.
So like, there is a use case for that that's real but yeah there's a lot of people wanting to write everything from scratch and missing out on decades of minor bug fixes for things like you're talking about that have gone into the core utils and such.