Some documentation comments.

2025-07-13 20:17:46 -04:00
parent 9047f00910
commit 4d009c46bd
4 changed files with 14 additions and 3 deletions
--- a/nodes/hosts/common/system/security.nix
+++ b/nodes/hosts/common/system/security.nix
@@ -9,11 +9,14 @@
        "unix-group:wheel"
      ];
    };
-    
+   
+    # For security reasons, we are disabling the use of regular sudo and...
    sudo = {
      enable = lib.mkForce false;
    };
-   
+  
+    # ...switching over to sudo-rs which is a Rust rewrite of sudo.
+    # See https://cybersecsentinel.com/cve-2025-32463-privilege-escalation-in-sudo-triggers-urgent-linux-patching/.
    sudo-rs = {
      enable = true;
      wheelNeedsPassword = true;