Adopting sudo-rs By Default in Ubuntu 25.10
Adopting sudo-rs By Default in Ubuntu 25.10
discourse.ubuntu.com
Adopting sudo-rs By Default in Ubuntu 25.10
17 comments
-
-
Is it GPL though? If this is a case of MIT-licensed stuff weaseling its way into Linux core utils, I'm not interested.
-
sudo is MIT also (or something that looks like MIT at least). https://www.sudo.ws/about/license/
The more critical part wrt license is real coreutils which they also want to replace.
-
This is what I get for posting at 1am. Thanks for the clarification. Yeah I just assumed it was the same situation as coreutils.
-
-
Looks like it's dual licenced, MIT and Apache https://github.com/trifectatechfoundation/sudo-rs
-
Where is the problem when something mit-licensed is in core utils?
Edit: sudo isn't even a core util.
-
Granted, sudo isn't in coreutils, but it's sufficiently standard that I'd argue that the licence is very relevant to the wider Linux community.
Anyway, I answered this at length the last time this subject came up here, but the TL;DR is that private companies (like Canonical, who owns Ubuntu) love the MIT license because it allows them to take the code and make proprietary versions of it without having to release the source code. Consider the implications of a
sudobinary that's Built For Ubuntu™ with closed-source proprietary hooks into Canonical's cloud auth provider. It's death by a thousand MIT-licensed cuts to our once Free operating system.
-
-
-
I don't know how often exploits that this would prevent are found, but sometimes
-
I wonder the performance compared to regular sudo
-
rust compiles to native code, so barring some horrific implementation issues, i'd bet my money on it being roughly equivalent.
-
-
How does sudo-rs compare to doas?
-
Can’t wait to test it out!
17 comments
This comment seems interesting, it was first question that popped into my head:
That is... A big claim. Yeah, rust minimizes or removes some categories of vulnerabilities. This is true. BUT sudo has been well tested over decades.
I'll be the first to admit to not paying much attention to Linux vulnerabilities, but I agree, I feel like a vulnerability in a package like sudo would have been huge news.