The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it’s also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10.
All non-trivial software has bugs, and it’s unsurprising that in a
sudoimplementation in any language, many of those bugs are security-related. This is still quite young software. Ubuntu was premature in making it their default, I think, but that just means it’s immature, not that it’s completely broken.Then again, I use
suexclusively and don’t even havesudoinstalled, so I’ve got no dog in this fight.(As for Rust itself, I am neither for nor against. It’s a programming language. It has some issues that mostly seem to be related to how building and distribution is carried out in practice, rather than the core language design. I have never met a programming language without warts, and I’ve used several. If you’re experienced with the language—whatever it is—you learn how to handle them.)
If you don’t mind me asking, what are the benefits of su over sudo? I’ve heard that some people (like you) only use su instead sudo, but I haven’t really seen the reasons for why
In my case, part of it is that
sudois an extra installation for me on Gentoo, whilesuis part of the base system on any Linux. Given that all nontrivial software has bugs, every unneeded package you install adds very slightly to your security risk.In terms of security,
sudois better in the environment for which it is intended: a system with multiple human users that has a dedicated sysadmin who curates /etc/sudoers and makes sure that no user has more permissions than they absolutely need. However, only a small fraction of all machines running Linux meet those criteria. On the typical home system that’s using some distro’s defaultsudo-with-user-passwords setup, you can get root authority with only one password, whereas withsuyou need the passwords for both a wheel account and the root account. That isn’t much added security, but every little bit helps. On the other hand,sudocan be set to require you to enter your password again after a period of time, whilesuwill allow a root session to hang on unto infinity, which may matter if untrusted Linux-savvy people have physical access to your machine (I don’t have that issue).In other words, the benefits are real but minor and situational.
(None of this holds if you’ve done something really stupid in your configuration, like always starting an SSH server that allows both password login and direct root login when the system comes up. Always follow current best practice—in this case, certificate login only, and no direct root login—when setting up something that can be accessed over the network.)
(Some people claim that
sudohas stopped them from unintentionally running a command as root. I just assume any console I’m using has root privileges and I shouldn’t run dodgy commands in it to begin with.)