The Story
The sudo and su utilities mediate a critical privilege boundary on just about every open source operating system that powers the Internet. Unfortunately, these utilities have a long history of memory safety issues.
By rewriting sudo and su in Rust we can make sure they don't suffer from any more memory safety vulnerabilities. By leaving out infrequently used features we can reduce attack surface.
What We've Done
In December of 2022 we funded a joint development effort between Tweede Golf and Ferrous Systems to rewrite sudo and su in Rust.
As of August 2023, the first stable release is out, give it a shot!
In June of 2024 the sudo-rs project graduated to a new long-term home at Trifecta Tech Foundation. We believe they'll do a great job stewarding the project going forward.
We'd like to thank Todd Miller, maintainer of the original sudo utility, for his advice and guidance regarding implementing sudo-rs.
What's Next
Prossimo's work on sudo-rs is complete. Trifecta Tech Foundation is taking it from here!
We were excited to learn in May of 2025 that sudo-rs will become the default sudo implementation in Ubuntu.
Packages
Links
More from the Prossimo blog
A new home for memory safe sudo/su
Sudo-rs, an open source memory safe implementation of sudo/su, has a new long-term home at the Trifecta Tech Foundation.
Providing official Fedora Linux RPM packages for ntpd-rs and sudo-rs
Memory safe NTP and sudo are now in Fedora Linux.
Sudo-rs dependencies: when less is better
Here’s how we reduced dependencies from 135 to 3 in sudo-rs.
The First Stable Release of a Memory Safe sudo Implementation
Our Rust rewrite of sudo is ready for use.
Bringing Memory Safety to sudo and su
We are reimplementing sudo and su utilities in Rust.
Funders
