I am not sure if memory safety is the biggest issue in sudo design. I find the fact that it is a setuid binary a much bigger issue, because a bug can possibly result in privilege escalation.

I find an alternative implementation that doesn't rely on being a setuid binary, like systemd-run0, much more interesting from a security perspective, but I am no security expert.
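As an added example (not part of the comment above, and not code from sudo, sudo-rs or systemd), here is a small Python inventory check for the setuid surface the comment is worried about: it walks a directory tree, reports regular files with the setuid bit set, and flags any that are not on an allowlist. The `demo()` function builds its own sample files in a temporary directory so it runs as an unprivileged user; the allowlist entries in `main()` are placeholders, not a recommended policy.

```python
import os
import stat
import sys
import tempfile


def setuid_entries(paths):
    """Return (path, owner_uid) for every regular file in `paths` with the setuid bit set.

    lstat is used so symlinks are not followed; unreadable or vanished paths are skipped.
    """
    found = []
    for p in paths:
        try:
            st = os.lstat(p)
        except OSError:
            continue
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
            found.append((p, st.st_uid))
    return found


def walk_setuid(root):
    """Collect every file below `root` and return the setuid ones."""
    paths = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            paths.append(os.path.join(dirpath, f))
    return setuid_entries(paths)


def unexpected(hits, allowlist):
    """Setuid files whose path is not in the allowlist; a non-empty result is the finding."""
    return [(p, uid) for p, uid in hits if p not in allowlist]


def demo():
    """Constructed sample: two files in a temp dir, only one of them setuid.

    Returns the base names of the setuid hits so the result is path-independent.
    """
    with tempfile.TemporaryDirectory() as d:
        plain = os.path.join(d, "plain")
        suid = os.path.join(d, "suid-tool")
        for p in (plain, suid):
            with open(p, "wb") as fh:
                fh.write(b"#!/bin/sh\n")
        os.chmod(plain, 0o755)
        os.chmod(suid, 0o4755)  # setuid bit on a file we own; no root needed
        return [os.path.basename(p) for p, _ in walk_setuid(d)]


def main(argv):
    # Placeholder allowlist: on a real host this would come from the distro's
    # package metadata or a baseline taken at install time.
    allowlist = {"/usr/bin/sudo", "/usr/bin/passwd"}
    roots = argv[1:] or ["/usr/bin", "/usr/sbin", "/bin", "/sbin"]
    hits = []
    for r in roots:
        hits.extend(walk_setuid(r))
    for p, uid in hits:
        tag = "root-owned" if uid == 0 else f"uid {uid}"
        print(f"setuid {tag}: {p}")
    for p, _ in unexpected(hits, allowlist):
        print(f"NOT ON ALLOWLIST: {p}")


if __name__ == "__main__":
    main(sys.argv)
```

Root-owned setuid files are the interesting subset: each one is a binary whose bugs turn into the privilege escalation the comment describes, which is why a design like run0 that hands the work to a privileged service instead of a setuid executable shrinks that list.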
> This move is part of a broader effort by Canonical to improve the resilience and maintainability of core system components. Sudo-rs is developed by the Trifecta Tech Foundation (TTF), a nonprofit organization that creates secure, open source building blocks for infrastructure software.

Ubuntu continuously updates itself without permission, killing apps and losing previous state. You have the JavaScript-based GNOME window manager that is always bugging out. The Ubuntu packages, drivers and kernel are laughably behind Debian and even further behind mainline. Ubuntu continues to morph into something I don't believe in.

That all said, Rust is not a smoking gun for incorrect application logic. It could still happily execute stuff incorrectly with the wrong permissions or blow something up badly. I think it's also a bad idea to offer it as a drop-in replacement when clearly features have been missing for a long time [1].

[1] https://github.com/trifectatechfoundation/sudo-rs/issues?page=2
Seems like the Trifecta group is /just/ about migrating tools to Rust? Am I understanding that right?

I don't have a problem with it, specifically. It seems odd that they don't advertise it, though.
How does sudo-rs compare to run0? https://news.ycombinator.com/item?id=40205714
"This move is part of a broader effort by Canonical to improve the resilience and maintainability of core system components."

Somehow "maintainability" has never been something I'd ever associate with Ubuntu. Is it a reference to their source tree? That'd make a lot more sense than if they were referring to the OS itself.
Next they should adopt uutils [1] as a coreutils, findutils, diffutils, etc. alternative.

[1] http://github.com/uutils/
I have been using sudo-rs for over a year. The only issue I've had is running into `-E` being unsupported once every few months, which is arguably a good thing because I shouldn't be naughty and allow arbitrary envs to leak into a privileged session.
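To make the "leaking envs into a privileged session" point concrete, here is an added example (not code from the comment, from sudo or from sudo-rs) that models how sudoers-style environment handling decides what a privileged command gets to see. It is a deliberately simplified approximation of the `env_reset`, `env_keep`, `env_check` and `env_delete` options described in sudoers(5): with the default reset, only a small allowlist survives; with `-E`, the caller's environment is passed through but loader and interpreter overrides are still stripped. The variable lists are subsets of sudo's defaults and the sample environment is constructed for the example.

```python
import fnmatch

# Variables kept as-is when env_reset is in effect (subset of sudo's default set).
BASE_KEEP = {"TERM", "PATH", "HOME", "MAIL", "SHELL", "LOGNAME", "USER"}

# Kept only if the value contains no '%' or '/' (sudo's env_check rule for these).
DEFAULT_ENV_CHECK = ("TZ", "LANG", "LANGUAGE", "LC_*", "COLORTERM", "LINGUAS")

# Always removed when the caller's environment is preserved (subset of sudo's env_delete):
# dynamic-loader and interpreter search-path overrides would let the caller inject code
# into the privileged process.
DEFAULT_ENV_DELETE = ("LD_*", "_RLD*", "IFS", "CDPATH", "ENV", "BASH_ENV", "PS4",
                      "PYTHONPATH", "PYTHONHOME", "PERL5LIB", "PERL5OPT", "RUBYLIB")


def _matches(name, patterns):
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def _check_ok(value):
    return "%" not in value and "/" not in value


def sanitize_env(env, env_keep=(), preserve=False,
                 env_check=DEFAULT_ENV_CHECK, env_delete=DEFAULT_ENV_DELETE):
    """Return the environment the privileged command would receive.

    preserve=False models the default env_reset: allowlist only.
    preserve=True models `-E` on a rule that grants setenv: everything passes
    except env_delete names and env_check names whose values fail the check.
    """
    out = {}
    for name, value in env.items():
        if preserve:
            if _matches(name, env_delete):
                continue
            if _matches(name, env_check) and not _check_ok(value):
                continue
            out[name] = value
        else:
            if name in BASE_KEEP or _matches(name, env_keep):
                out[name] = value
            elif _matches(name, env_check) and _check_ok(value):
                out[name] = value
    return out


def dropped(env, **kwargs):
    """Sorted names that sanitize_env removed; handy for explaining a 'missing' variable."""
    return sorted(set(env) - set(sanitize_env(env, **kwargs)))


# Constructed sample environment; values are made up for this example.
SAMPLE_ENV = {
    "PATH": "/usr/local/bin:/usr/bin:/bin",
    "TERM": "xterm-256color",
    "HOME": "/home/alice",
    "LANG": "en_US.UTF-8",
    "EDITOR": "vim",
    "LD_PRELOAD": "/tmp/example.so",   # loader override: never allowed through
    "PYTHONPATH": "/home/alice/lib",   # interpreter override: never allowed through
    "LC_ALL": "C/../x",                # fails env_check because of the '/'
    "http_proxy": "http://proxy.example:3128",
}

if __name__ == "__main__":
    print("default reset keeps :", sorted(sanitize_env(SAMPLE_ENV)))
    print("with env_keep EDITOR:", sorted(sanitize_env(SAMPLE_ENV, env_keep=("EDITOR",))))
    print("with -E still drops :", dropped(SAMPLE_ENV, preserve=True))
```

The last line is the defender's takeaway: even where `-E` is honoured, the loader and interpreter variables are removed, and the reset mode is stricter still, so a session that "loses" `EDITOR` or a proxy setting is the allowlist working as intended; the fix is an explicit `env_keep` entry for that one name, not passing the whole environment.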