Well, it's also a suid binary, thus it's very safety critical on unix-systems. su isn't as complex as sudo, so there's less reason to create a "simpler su", but still, a memory safe su seems like a good idea.
And given su and sudo provide similar functionality, doing them together likely creates synergies and code that can be shared.
And su has to be setuid root and is pretty much mandatory and if you can exploit a bug in it you've got local privilege escalation. I don't know selinux/apparmor well but I imagine su is granted the permission to create root shells, because of course it does, so any exploit will punch through all that as well.
hannob|2 years ago
lamontcg|2 years ago