Privilege boundary
Sudo-rs
The sudo and su utilities mediate a critical privilege boundary on almost every open-source operating system that powers the Internet.
Sudo-rs is a sudo alternative that doesn't suffer from memory safety vulnerabilities and is designed to minimize attack surface.
Project status
Sudo-rs was first released on Aug 29, 2023. It has since been packaged for Debian, Fedora and Ubuntu and is also being adopted by security-focused distributions such as NixOS and Wolfi Linux.
Current development includes increasing cross-platform support and improve compatibility with the original sudo utility.
We'd like to thank Todd Miller, maintainer of the original sudo utility, for his advice and guidance on our implementation.
Roadmap
See the sudo-rs roadmap.
Links
History
The initial development of sudo-rs was started and funded by the Internet Security Research Group as part of the Prossimo project. A joint development effort between Tweede golf and Ferrous Systems resulted in the first release. In July 2024 the sudo-rs moved to the Trifecta Tech Foundation.
Blog and news
-
A new home for memory safe sudo/su
Today we're pleased to announce that an open source memory safe implementation of sudo/su — sudo-rs — has a new long-term home at the Trifecta Tech Foundation. Read more ... -
Providing official Fedora Linux RPM packages for ntpd-rs and sudo-rs
Memory safe NTP and sudo are now in Fedora Linux. Read more ... -
Sudo-rs dependencies: when less is better
Trifecta Tech Foundation maintainer Ruben Nijveld offers his perspective here on one of the greatest challenges we faced when developing software that can be widely adopted: Rust crate dependencies. Read more ... -
Testing sudo-rs and improving sudo along the way
Faced with the task of re-implementing sudo, one of the questions that came up early on was: how do we verify that sudo-rs behaves just like the original sudo? Read more ... -
Re-implementing Sudo in Rust
A drop-in replacement for all common modern use cases of sudo. Read more ... -
Two core Unix-like utilities, sudo and su, are getting rewrites in Rust
Two of the most fundamental tools of the modern Unix-like command line, sudo and su, are being rewritten in the modern language Rust as part of a wider effort to get critical but aging infrastructure pieces replaced by memory-safe counterparts. Read more ...