Will fedora switch to a memory safe sudo

Sudo is the most used command and having a memory safe version of sudo will greatly increase the security of the desktop and server.
Now many parts of the linux is getting a rust option.

Not yet completed but underdevelopment

It would be nice to see this, along with the rust-based coreutils when they are ready.

The nptd-rs and trustdns written in rust also look useful once they are ready to use.

Our sudo uses a lot of integrations (for example with ldap and IPA),
before we can replace sudo, the rs version would have to grow all the
proper interfaces and solid testing would be needed.

3 Likes

I took a look back at the history of CVE reports for sudo, and while there are definitely some memory mistakes (buffer overflow, double-free, …), there are also exploits due to logic errors.

Rust can help with the first, but it’s hubris to assume a new implementation will be better at the second. I don’t think we should rush to switch.

3 Likes

We don’t need to rush as many sudo fetures are not yet available on rs one but having a close look into the project makes sense also the coreutils-rs once they are mature enough it can be a option to switch to those as linux kernel now having many drivers in rust though the core kernel part is not rustified yet.
But devs now liking rust more thn C it is true even gnome new apps are written in rust like snapshot which will be incubated.
It is actually reducing many unwanted errors which lead to a vulnerability.
Also system76 own DE will be on rust soon.