sudo-rs Is Now The Default sudo Of Ubuntu 25.10

cm0002@piefed.world · 3 months ago

sudo-rs Is Now The Default sudo Of Ubuntu 25.10

chronicledmonocle@lemmy.world · edit-2 3 months ago

Was sudo broken in some way that makes rewriting it in rust appealing? Genuinely curious.

badbytes@lemmy.world · 3 months ago

Its a big debate/ discussion lately, as rust has some safety bits built-in that make it safer than C. So tools are getting ported.

chronicledmonocle@lemmy.world · 3 months ago

I mean…sounds fine. Why is it “controversial”?

Lehmanator@programming.dev · 3 months ago

Few reasons, some less valid than others.

replaces GPL license with more permissive one
wasnt broke dont fix
missing some configuration features of base sudo
C people feeling threatened by rust
people hate rust’s overzealous stans
rust community is pretty queer, so being anti-rust is a nice proxy for anti-lgbtq

InternetCitizen2@lemmy.world · 3 months ago

replaces GPL license with more permissive one

Honestly I think this is a rather big deal. It leaves our project open to just being made closed source / justifies not contributing back from big companies.

8uurg@lemmy.world · 3 months ago

wasnt broke dont fix

Sadly, security issues are still being found in sudo, so wasn’t broke isn’t entirely true. Though, whether or not Rust prevents a given security issue is strongly dependent on the kind of issue. Security issues arising from logical errors usually don’t get caught, there is only a guarantee for memory management issues.

missing some configuration features of base sudo

One of the things sudo-rs does is implement only a subset of features to decrease the attack surface. A recent security issue did not affect sudo-rs because they simply did not implement the feature that had the (logic) bug. As with many things this is a trade-off.

badbytes@lemmy.world · 3 months ago

Just GreyBeards having discussions, sometimes heated. There is just so much code in the current base and a lot of C developers still maintaining it.

Lem453@lemmy.ca · 3 months ago

Everyone is focusing on the fact that this us C vs rust. The original sudo has issues on its own. Its a large code base that does lots of things and has inherent security vulnerabilities.

Sudo is worth redoing regardless of language.

https://linuxsecurity.com/news/security-vulnerabilities/sudo-flaws-linux-privilege-at-risk

TeddE@lemmy.world · 3 months ago

Honestly - even if there were no other practical benefit to the code base - having a new language to recode everything in is healthy for programmers - it gets newer engineers excited.

macniel@feddit.org · 3 months ago

Hurray the codebase is rusting e.g. becomes brittle. Whoever came up with that languages name didn’t really think it through.

Blue_Morpho@lemmy.world · 3 months ago

It’s worse than that. Rust is named after a Fungal infection known for being unstoppable.

https://en.m.wikipedia.org/wiki/Rust_(fungus)

Owl@mander.xyz · 3 months ago

Do you hve to write sudo-rs ?

bitcrafter@programming.dev · 3 months ago

No you sudon’t.

pohart@programming.dev · 3 months ago

No. Still sudo

dinckelman@lemmy.world · edit-2 2 months ago

deleted by creator