Why not make Ubuntu a GNU/Redox distribution at that point?
A way smaller alternative, therefore less prone to vulnerabilities, is OpenDoas, found on Arch/Artix/… and other distros. From the GH project:
doas is a minimal replacement for the venerable sudo. It was initially written by Ted Unangst of the OpenBSD project to provide 95% of the features of sudo with a fraction of the codebase.
Tried it, but it is not 100% compatible as a sudo replacement, as it lacks some of the args. This means that some programs fail as they attempt to use incorrect args.
I’m curious about which programs, if you can share. I write a few bash scripts which used to call sudo, and I replaced sudo with doas in those. And in case of muscle memory I also added a bash alias, so that if I call sudo by mistake, in reality I’d be calling doas. So far no issues. Of course I don’t use fancy args, and what I really needed from sudo I used to include in /etc/sudoers and now in /etc/doas.conf, and I believe I couldn’t include a couple of options, but they were not critical since I’ve lived without them so far. And it’s weird to find actual software that requires sudo, perhaps proprietary software. One can actually live without sudo and without doas, as long as there’s still su.
Not judging, rather curious. Actually I’ve met several guys who write scripts which would benefit from using sudo/doas, but they claim it is better to call the scripts through sudo/doas rather than adding them as dependencies.
I don’t remember what it was exactly, I encountered two times where doas failed as a sudo replacement. After that I went back to sudo
we’re also sponsoring the uutils project to ensure that some key gaps are closed before we ship 25.10. The sponsorship will primarily cover the development of SELinux support for common commands such as mv, ls, cp, etc.
I didn’t think Ubuntu used SELinux.
Not by default, but you can optionally enable it.
what’s the license on sudo-rs, is it MIT like uutils?
Seems like it’s Apache-2.0, but original sudo is under ISC license, which is more permissive as far as I’m aware. Although Apache-2.0 is very much still considered “permissive”, too.
goddamit 😔
Wrong move. To make sudo more secure, you should instead ditch 90% of the features intended for servers which nobody on desktop uses. 150 lines of C code is enough to provide sudo-like functionality on desktop, probably similar in Rust.
They are open to drop some features apparently, but maybe not “90%”
The developers are taking a “less is more” approach. This means that some features of the original sudo may not be reimplemented if they serve only niche, or more recently considered “outdated” practices.