The Story
The sudo and su utilities mediate a critical privilege boundary on just about every open source operating system that powers the Internet. Unfortunately, these utilities have a long history of memory safety issues.
By rewriting sudo and su in Rust we can make sure they don't suffer from any more memory safety vulnerabilities. By leaving out less commonly used features we can reduce attack surface.
What We've Done
In December of 2022 we funded a joint development effort between Tweede Golf and Ferrous Systems to rewrite sudo and su in Rust.
As of August 2023, the first stable release is out, give it a shot!
We'd like to thank Todd Miller, maintainer of the original sudo utility, for his advice and guidance on our implementation.
What's Next
We're currently raising funding for additional enterprise features.
Packages
Links
More from the Prossimo blog
A new home for memory safe sudo/su
Sudo-rs, an open source memory safe implementation of sudo/su, has a new long-term home at the Trifecta Tech Foundation.
Providing official Fedora Linux RPM packages for ntpd-rs and sudo-rs
Memory safe NTP and sudo are now in Fedora Linux.
Sudo-rs dependencies: when less is better
Here’s how we reduced dependencies from 135 to 3 in sudo-rs.
The First Stable Release of a Memory Safe sudo Implementation
Our Rust rewrite of sudo is ready for use.
Bringing Memory Safety to sudo and su
We are reimplementing sudo and su utilities in Rust.
Funders
