But this is not the first system package replaced by a rust rewrite (on some distros) - something that has been working well for so long and is so fundamental for so many other softwares - is that wise?
Was there ever a problem wrt memory safety with sudo?
There’s been plenty of cases of a piece of software/library/whatever “working well” for years until one day OOPS there’s actually a gaping vulnerability in it. Hopefully, it’s a researcher that finds it first so it can be patched, but that doesn’t always happen. That’s how there’s a whole market for “0 days”
Yeah, and sudo is not some special case either as there are plenty of CVEs for sudo specifically due to buffer overflow or other memory issues over the years. There are likely more hiding and waiting to be found.
Only issue here is sudo is a lot more mature then sudo-rs and memory issues are not the only exploitable bug that can happen. It does look like sudo-rs has gone through at least one security audit though that only found a moderate and couple of low sev issues. Would be good to have more people audit it though.
There’s been plenty of cases of a piece of software/library/whatever “working well” for years until one day OOPS there’s actually a gaping vulnerability in it. Hopefully, it’s a researcher that finds it first so it can be patched, but that doesn’t always happen. That’s how there’s a whole market for “0 days”
“Working well” != “Secure”
Yeah, and sudo is not some special case either as there are plenty of CVEs for sudo specifically due to buffer overflow or other memory issues over the years. There are likely more hiding and waiting to be found.
Only issue here is sudo is a lot more mature then sudo-rs and memory issues are not the only exploitable bug that can happen. It does look like sudo-rs has gone through at least one security audit though that only found a moderate and couple of low sev issues. Would be good to have more people audit it though.
I think long term a rust version is a better choice. I do worry about exploits in immature code, though.