this post was submitted on 08 May 2025
26 points (93.3% liked)
Linux
There have been plenty of cases of a piece of software/library/whatever "working well" for years until one day OOPS, there's actually a gaping vulnerability in it. Hopefully, it's a researcher that finds it first so it can be patched, but that doesn't always happen. That's how there's a whole market for "0 days".
"Working well" != "Secure"
Yeah, and sudo is not some special case either, as there are plenty of CVEs for sudo specifically due to buffer overflows or other memory issues over the years. There are likely more hiding and waiting to be found.
The only issue here is that sudo is a lot more mature than sudo-rs, and memory issues are not the only exploitable bug that can happen. It does look like sudo-rs has gone through at least one security audit, though, that only found a moderate and a couple of low-severity issues. It would be good to have more people audit it, though.