Isn’t the whole point of FOSS software that anyone can fork it?
The article points out that sudo has already been forked by Ubuntu maintainer Canonical into sudo-rs, which reimplements sudo in Rust with better memory protections. It also states that the maintainer of sudo expects sudo-rs to be the future of sudo.
That’s good, at least everything won’t collapse catastrophically at this like a single point of failure without any redundancies. It would be better if someone other than Canonical would do it, but at least no one is…
sudo-rs is not a fork.
sudo-rs is a complete re-implementation, not a fork. Also, sudo-rs was not created by Ubuntu. It was created by Tweede Golf and Ferrous Systems with funding from Prossimo. Since 2024 it is being maintained by the Trifecta Tech Foundation. Ubuntu merely packages it.
sudo and su

The Story

The sudo and su utilities mediate a critical privilege boundary on just about every open source operating system that powers the Internet. Unfortunately, these utilities have a long history of memory safety issues. By rewriting sudo and su in Rust we can make sure they don't suffer from any more memory safety vulnerabilities. By leaving out infrequently used features we can reduce attack surface.

What We've Done

In December of 2022 we funded a joint development effort between Tweede Golf and Ferrous Systems to rewrite sudo and su in Rust.

Prossimo