Canonical’s Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default – part of a push to cut memory-related security bugs and lock down core system components.
When it arrives on October 9, 2025, those interacting with Ubuntu Linux software should enjoy a reduced attack surface and perhaps a bit more peace of mind about system security.
Sudo is a command-line utility on Unix-like systems that allows authorized users to run commands with elevated privileges, typically as root. Its reincarnation using the Rust programming language aims to make the utility memory-safe.
Memory-safe code precludes the possibility of bugs like buffer overflows and use-after-free, which represent the majority of serious software vulnerabilities. As a result, security watchdogs like the US govt’s CISA, and Microsoft’s Mark Russinovich, have spent the past few years urging developers to write new projects in programming languages that support memory safety guarantees (such as Rust, Go, and C#), and in some cases to rewrite existing projects.
The Internet Security Research Group’s Prossimo project jumpstarted these Rust rewrite efforts back in 2020. In response, we’ve seen efforts like sudo-rs, which has been supported by funding from AWS.
The adoration of Rust, still controversial in the Linux maintainer community, has created a crisis for the stewards of C and C++, programming languages that don’t offer comparable memory safety guarantees. If the C and C++ communities cannot come up with foolproof ways to meet memory safety mandates – and there are projects underway that aspire to do that – developers using those languages are destined to spend less time developing and more time maintaining and phasing out.
Sudo has indeed had serious memory safety vulnerabilities, said Marc Schoolderman, lead engineer on the sudo-rs rewrite, pointing to a list maintained by Todd Miller, developer of C-based sudo.
“The first page lists several memory safety vulnerabilities (anything that says buffer overflow, heap overflow or double free),” Schoolderman told The Register. “One of the oldest ones we know of is from 2001, published in Phrack under the whimsical name ‘Vudo,’ which quite dramatically showed an attacker gaining full access on a system that it only had limited access to.”
He continued, “A good recent example is the ‘Baron Samedit’ bug that was discovered by security firm Qualys in 2021, which like ‘Vudo’ would cause an uncontrolled privilege escalation. There are many websites and YouTube videos that illustrate it; it has CVE-2021-3156.”
“The decision to adopt sudo-rs is in line with Canonical’s commitment to Carefully But Purposefully increase the resilience of critical system software, by adopting Rust,” said the Trifecta Tech Foundation in a blog post. “Rust is a programming language with strong memory safety guarantees that eliminates many of the vulnerabilities that have historically plagued traditional C-based software.”
“There are, of course, other critical utilities, but sudo is among the most critical; it mediates a critical privilege boundary on just about every open-source operating system that powers the Internet,” Erik Jonkers, chair of the Trifecta Tech Foundation, told The Register.
“That fact, plus AWS’s willingness to fund the work, is the reason ISRG’s Prossimo selected it. For AWS, moving to memory-safe code as much as possible, for e.g., Amazon Linux, is very valuable. This is clear from the support AWS provided and now Canonical, who are interested in making their products more secure. Also, the response from the open source community shows people care about sudo.”
Jonkers noted that other key building blocks like zlib-rs and ntpd-rs have been adopted by Firefox and Let’s Encrypt, respectively.
The first stable release of sudo-rs appeared in late August 2023, and the utility has since been adopted in Chainguard’s container-oriented Linux distribution Wolfi Linux OS, and other security-focused distributions like NixOS and AerynOS. It has also been packaged with Debian, Fedora and Ubuntu.
As The Register reported two months ago, Canonical VP of engineering Jon Seager sees value in adopting sudo-rs as a default. “While performance is high on my list of priorities, it’s not the primary driver behind this change,” he explained. “These utilities are at the heart of the distribution – and it’s the enhanced resilience and safety that is more easily achieved with Rust ports that are most attractive to me.”
In an effort to assess these new Rust-based utilities, Seager helped to create a project called oxidizr that simplifies the process of replacing traditional Unix utilities with modern Rust-based alternatives on Ubuntu systems. Presently, oxidizr works with uutils coreutils, findutils, and diffutils, plus sudo-rs.
“It will take time to move the needle significantly,” said Jonkers. “There is a focus on defensive security, network security, etc., in the market.
“What we have seen with the reports by Google on Android transition, is that the impact, including cost savings, is huge. CISA marking memory unsafe languages as a bad practice is surely a step in the right direction. In Europe, we are working similarly towards including Memory Safety in Secure by Design policy, together with the Sovereign Tech Agency. The transition will take time, but I’m convinced the needle is moving.” ®