Prossimo is pleased to announce the first stable release of sudo-rs, our Rust rewrite of the critical sudo utility.
The sudo utility is one of the most common ways for engineers to cross the privacy boundary between user and administrative accounts in the ubiquitous Linux operating system. As such, its security is of the utmost importance.
The sudo-rs project improves on the security of the original sudo by:
Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues
It might be a drop in replacement to
sudo
, but I would not use it as such for a while. If you look at the bugs that sudo had over the years, only a fraction of them have been caused by unsafe memory operations. The majority has been caused be its own complexity and the complexity of thesudoers
file. These problem classes are not going away by porting the tool over to Rust or any other language. Since this is a rewrite, it will have its own security bugs that need to be found and fixed first. So untilsudo-rs
has had a couple of years of people fixing security issues, I’d rather not adopt it.Given that, I have a hard time imagining why someone would pour time and resources into a rewrite of
sudo
for years to come instead of working towards a simpler solution.There was a nice talk at RustNL from the creators about this: https://www.youtube.com/watch?v=o4vwJIO96Yo
Here is an alternative Piped link(s): https://piped.video/watch?v=o4vwJIO96Yo
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.