‘sudo’ and ‘su’ Are Being Rewritten In Rust For Memory Safety

Donations Make us online

Phoronix reports:

With the financial backing of Amazon Web Services, sudo and su are being rewritten in the Rust programming language in order to increase the memory safety for the widely relied upon software… to further enhance Linux/open-source security.
“[B]ecause it’s written in C, sudo has experienced many vulnerabilities related to memory safety issues,” according to a blog post announcing the project:
It’s important that we secure our most critical software, particularly from memory safety vulnerabilities. It’s hard to imagine software that’s much more critical than sudo and su.

This work is being done by a joint team from Ferrous Systems and Tweede Golf with generous support from Amazon Web Services. The work plan is viewable here. The GitHub repository is here.


Source link