Linux

10148 readers

665 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

166

sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10 (www.phoronix.com)

submitted 5 days ago by cm0002@literature.cafe to c/linux@programming.dev

58 comments fedilink hide all child comments

The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it's also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10.

you are viewing a single comment's thread
view the rest of the comments

[–] EnEnCode@programming.dev 7 points 4 days ago

Better than I could have ever put it. But to add my own thoughts, sudo-rs does not gain value just by being in Rust.

It's a more lean sudo with compatability for common flags while intentionally not implementing niche/legacy options, including the one used by CVE-2025-32463, though if I did not need any of those flags at all, I would (and in past, have) just use opendoas.
The project contains extensive testing and a harness versatile enough to also test the OG sudo and has caught regressions in it. The rewrite wanting parity with sudo's behavior has improved the original sudo; you can gain its benefits even if you won't/don't/can't run it. This is the main reason uutils hasn't convinced me of its worth yet.
Having more eyes on sudo is just good. By translating it, they have to understand many of sudo's poorly-documented idiosyncracies and review all its relevant code and consider potential potential edge-cases. That's basically an audit.