Ubuntu 25.10 Swaps sudo for Faster Rust-Based Alternative
▼ Summary
– Canonical is replacing the traditional sudo tool with a new Rust-based version, sudo-rs, to improve security.
– The shift leverages Rust’s memory safety features like ownership, borrow checking, and null prevention to eliminate vulnerabilities common in C-based software.
– sudo-rs is currently available for testing in Ubuntu 25.10 but doesn’t replace sudo yet and must be installed separately.
– The new tool aims to be a near drop-in replacement, though some less secure features (like LDAP sudoers distribution) won’t be supported.
– Canonical plans to keep the original sudo in archive repositories for users who prefer it, while other Linux distributions haven’t yet announced similar moves.
Ubuntu’s upcoming 25.10 release is making waves by replacing the traditional sudo command with a modern Rust-based alternative designed for enhanced security and performance. This shift marks a significant change for Linux users accustomed to the decades-old tool, signaling Canonical’s commitment to adopting memory-safe programming practices.
The new implementation, called sudo-rs, is being developed by the Trifecta Tech Foundation, a nonprofit focused on creating secure open-source infrastructure software. Unlike the original C-based sudo, Rust’s built-in safety features eliminate common vulnerabilities like null pointer dereferences, use-after-free errors, and data races. Key advantages include:
- Ownership System: Ensures proper memory management by assigning clear responsibility for deallocating values.
- Borrow Checker: Validates references to prevent invalid data access.
- Null Safety: Enforces strict handling of null values to avoid crashes.
- Smart Pointers: Manages memory automatically to prevent leaks and dangling pointers.
While sudo-rs aims to be a near drop-in replacement, it omits some legacy features, such as LDAP-based sudoers file distribution, to prioritize security. Early adopters can test it on Ubuntu 25.10 by installing the package from standard repositories, though the original sudo remains available for compatibility.
Interestingly, the transition is designed to be seamless, once fully integrated, users will continue typing `sudo` as usual, with no noticeable difference in behavior. Canonical has also assured users that the classic sudo will remain accessible in archive repositories for those preferring the older version.
For now, Ubuntu appears to be leading this change, leaving other distributions to decide whether to follow suit. As Rust gains traction in system-level software, this move could set a precedent for future security-focused upgrades across the Linux ecosystem.
Testing reveals minor quirks, like occasional command recognition delays, but overall, sudo-rs performs reliably, proving that modernization doesn’t have to disrupt workflow. Whether other distros embrace Rust-based alternatives remains to be seen, but one thing is clear: the future of Linux administration is getting a much-needed security boost.
(Source: The News Stack)
