Memory-Safe Sudo-rs To Become Default In Ubuntu 25.10

Rust-y Linux Is A Good Thing

Ubuntu has a fairly large announcement that may not be terribly exciting for many, will help many security specialists sleep better at night.  The current Sudo command is vulnerable to several privilege escalation vulnerabilities, stemming from it’s C and C++ roots.  Certain processes can be abused to trigger things like dangling pointers and use-after-free errors which hackers can take advantage of, and Sudo as it exists now does not enforce single ownership.  All in all, moving to Sudo-rs is a good step forward in securing one of the major causes of crashes and unauthorized access to Linux based devices.

All is not perfect, the Rust programming language is not necessarily installed on all Linux distributions by default and if you wish to switch you may need to recompile your kernel.  In many cases it is a simple install, but there are always custom builds to worry about.  There is work to be done to ensure compatibility with NOEXEC, control of AppArmor profiles and, as of now, sudoedit is not compatible.  The team at the Trifecta Tech Foundation is working on those challenges, as well as adding support for Linux Kernels older than version 5.9.

You can test Sudo-rs on your own now if you want to see what effect it has on your systems, before the release of Ubuntu 25.10.