Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Programming Security Linux

'sudo' and 'su' Are Being Rewritten In Rust For Memory Safety (phoronix.com) 143

Phoronix reports: With the financial backing of Amazon Web Services, sudo and su are being rewritten in the Rust programming language in order to increase the memory safety for the widely relied upon software... to further enhance Linux/open-source security.
"[B]ecause it's written in C, sudo has experienced many vulnerabilities related to memory safety issues," according to a blog post announcing the project: It's important that we secure our most critical software, particularly from memory safety vulnerabilities. It's hard to imagine software that's much more critical than sudo and su.

This work is being done by a joint team from Ferrous Systems and Tweede Golf with generous support from Amazon Web Services. The work plan is viewable here. The GitHub repository is here.

This discussion has been archived. No new comments can be posted.

'sudo' and 'su' Are Being Rewritten In Rust For Memory Safety

Comments Filter:
  • by bettodavis ( 1782302 ) on Sunday April 30, 2023 @09:14PM (#63487748)
    I get that young developers want to earn reputation and prove their skills reinventing the wheel.

    It's the circle of life in CS, and as time passes, more and more things are already invented, therefore there's no other option than re-doing them in the latest hipster-ish fad.

    But some things just don't make sense to remake them. Su and sudo are foundational tools, where having them tested for decades is a feature.
    • by Somervillain ( 4719341 ) on Sunday April 30, 2023 @09:52PM (#63487800)

      I get that young developers want to earn reputation and prove their skills reinventing the wheel. It's the circle of life in CS, and as time passes, more and more things are already invented, therefore there's no other option than re-doing them in the latest hipster-ish fad. But some things just don't make sense to remake them. Su and sudo are foundational tools, where having them tested for decades is a feature.

      Normally I agree with you, but in this case, these may have been "tested" for decades, but there are lots of vulnerabilities with them. Notice how they're only rewriting one vulnerable application and not the entire Linux kernel? It's a simple competition. If this group can write a more secure replacement that is just as nice and performant, it's a victory for all...if their rewrite sucks?...OK...back to the old version. Just because a tool is new doesn't necessarily mean it's better, like rust, but the reverse is true...just because a program is old, doesn't mean there's no room for improvement...AWS isn't throwing away money to be a hipster. They view it as a serious vulnerability.

      • What vulnerabilities?
        • "What vulnerabilities?"

          Just to pick an example out of thin air, there was a nasty root vulnerability from a buffer overflow in sudo that got caught just a couple of years ago (CVE-2021-3156). I'm sure there are lots of others.

          • by JBMcB ( 73720 )

            I see three or four memory/buffer related vulnerabilities over the last 20 years or so, looking at the CVE log. The vast majority have to do with PAM and weird combinations of third party management utilities related to file permissions, which rust isn't going to help.

      • by cstacy ( 534252 )

        More likely they're doing it to promote Rust, which they think is a good idea. They don't think there are vulnerabilities with this program. Rather, they think a super-high-profile project will bring credibility to Rust, which factions of their engineering team want to use.

        "Rust? Is that a good idea?"
        "Well, it's what su and sudo are written in!"

      • Iâ(TM)ve noticed how theyâ(TM)ve picked something that is simple to use and would be very difficult to make less nice and less performant. This wonâ(TM)t prove anything important.

  • A simple search showed a vulnerability issue for sudo in 2021 and 2023.
    And it exists since 1980 or so?

    So, the question comes purely down to "why?'.
    Well, it's actually not much of a question in today's fad obsessed culture.

    • A simple search showed a vulnerability issue for sudo in 2021 and 2023.
      And it exists since 1980 or so?

      So, the question comes purely down to "why?'.
      Well, it's actually not much of a question in today's fad obsessed culture.

      There was that time when the Debian package maintainer for sudo decided that the way it handled environment variables was 'unsafe' and modified it to his liking, putting it in as a 'security update' and broke rather a lot of peoples systems...

  • by 93 Escort Wagon ( 326346 ) on Sunday April 30, 2023 @09:51PM (#63487798)

    That doesn't mean all the distros are planning to adopt it.

  • As if memory related issues are the only issue.

  • ...will it still make you a sandwich?

  • by ArchieBunker ( 132337 ) on Sunday April 30, 2023 @10:29PM (#63487852)

    For architectures without the resources to build the rust toolchain?

    • Oh yeah I forgot, all software needs to work on all devices in all situations. All Linux and Unix systems are identical so anyone writing anything that doesn't work absolutely everywhere is just stupid. /S

      • Was that not the point of Linux and GNU? You have all the C code and tools to maintain and build your own system. Now that’s broken and you need something larger to cross compile with. Plenty of low power ARM devices can’t build rust natively.

        • by flink ( 18449 )

          Aren't you cross compiling from a more powerful platform for those targets anyway? And if rust doesn't support your low-powered architecture, can't you still use the C-based implementation of sudo? I don't thing it will go away any time soon.

    • Cross-compilers?

    • For architectures without the resources to build the rust toolchain?

      The Rust toolchain uses the LLVM backend, which covers approximately all architectures in use today, and even many that are not. What is an architecture you'd like to use for which there is no LLVM support? Granted that it might take some work to get Rust self-hosting on obscure architectures, but cross-compilation to basically anything is pretty easy.

  • God mode (Score:3, Funny)

    by davidwr ( 791652 ) on Sunday April 30, 2023 @10:34PM (#63487870) Homepage Journal

    What if.....

    God@universe$ shutdown -r now
    Access denied. Must be superuser.
    God@universe$ sudo shutdown -r now

    • by bn-7bc ( 909819 )
      Well meyby yjr admin in charge of the universe system, should have had a bit of a thank before adding God to the sudoers file, does God really need all the power of root?
  • ...to being able to make a Genesis joke. Damn.

  • by Dictator For Life ( 8829 ) on Sunday April 30, 2023 @10:48PM (#63487884) Homepage
    Maybe they should get together with these guys [github.com].
  • I recently found I had to make a tech debt payment when Alpine replaced 'sudo' with 'doas'. Do I feel assured that it's better? Not really.

  • Can these blogs and articles just die already? Just because you decide to write something that exists in another language does not justify an article.
  • Because quality open source software needs large budgets, amiright?

  • Rust is just another language/framework with its own problems and bugs. Sudo and su are so old and should have had most memory issues resolved. I think it's more with them wanting to do something and getting paid for it.

    • by vyvepe ( 809573 )
      It depends what you compare Rust to. If you compare it to Haskell then it is not more safe. If you compare it to C then sure as hell Rust is more safe.
  • Similar to how SystemD sparked new distros without it, it is time for a distro where only C based programs are allowed. It will be a challenge in dependency resolution at least. The biggest challenge will be browsing the web since Firefox and Chromium are both rusty.
  • because Python is superior when it comes to handling memory.
    I'm only struggling to get the indents right.
    I'd wish one could use tabs to nicely line-up everything but the evil Dutch Dictator decided that tabs were evil on his 40-column CRT.

  • Not seeing the brouhaha here. This boils down to a couple of people who like Rust making a fork of sudo/su to rewrite it in that language. Will my distro switch from its current implementations of those programs to this new one as soon as its released? Maybe, but probably not. Will your distro switch from its current implementation to this new one as soon as its released? Maybe, but probably not. Will our distros consider switching after this new version is out and has a proven track record of being f
  • At least, sudo. Su still has uses, but sudo is outright harmful. That is, on multi-user machines, what is was meant for. On single user systems, where its seems nowadays seems all but inevitable, it does not even have a proper function.

    https://michaeleriksson.wordpr... [wordpress.com]

  • Since Amazon is fronting this and the news isn t super widespread does this mean that ALL distros get this automatically or just AWS? Does seem like a drastic change.

If all else fails, lower your standards.

Working...