Bringing Memory Safety to sudo and su

Josh Aas
Apr 26, 2023

Our Prossimo project has historically focused on creating safer software on network boundaries. Today however, we're announcing work on another critical boundary - permissions. We're pleased to announce that we're reimplementing the ubiquitous sudo and su utilities in Rust.

Sudo was first developed in the 1980s. Over the decades, it has become an essential tool for performing changes while minimizing risk to an operating system. But because it's written in C, sudo has experienced many vulnerabilities related to memory safety issues.

When we're thinking about what software we want to invest in we think primarily about four risk criteria:

  1. Very widely used (nearly every server and/or client)
  2. On a critical boundary
  3. Performing a critical function
  4. Written in languages that are not memory safe (e.g. C, C++, asm)

The program sudo fits all four of those risk criteria. It's important that we secure our most critical software, particularly from memory safety vulnerabilities. It's hard to imagine software that's much more critical than sudo and su.

This work is being done by a joint team from Ferrous Systems and Tweede Golf with generous support from Amazon Web Services. The work plan is viewable here. The GitHub repository is here.

If you'd like to support Prossimo's work to improve memory safety, please consider contributing.