This week, I wrote about something that I found interesting in the Linux world: Ubuntu is actually replacing their implementation of sudo with a version written in Rust.
There are obvious reasons for wanting to do this: sudo's job is to safely escalate the permissions of single commands. So if an attacker can bypass this using memory safety issues, then there is no limit to the potential attack surface.
https://www.clientserver.dev/p/ubuntu-is-betting-big-on-sudos-rust
In the course of this, I also went on a long tangent in my research when I found out that sudo can *send mail*. Like, not just send mail to the Linux mail spool with scary messages about your login attempts being sent to the system administrator, it actually farms out jobs to sendmail. Well, not anymore: this is one of the features that sudo-rs is removing.
In my post, I go in depth about historical security issues that sudo has faced, and explain the project motivations in more depth
Jacob Voytko