Ubuntu Makes the Switch: From C-Based sudo to Rust-Based sudo-rs

Rust continues its deeper integration into the most popular Linux distribution

Ubuntu is advancing its commitment to system security by replacing one of its core components. Experimental builds of the upcoming Ubuntu 25.10 now use sudo-rs by default — a Rust-based rewrite of the classic sudo utility.

This decision is part of an initiative to transition to more secure and reliable implementations of essential utilities, eliminating typical C code vulnerabilities such as buffer overflows, use-after-free errors, and other security flaws.

What is sudo-rs and Why Do We Need It?

Read moreThe DNS Zone For Beginners | cPanel Blog

The sudo-rs project is developed with full compatibility with the original sudo in mind, but it’s written in Rust, which offers strict memory management and a safe type system.

Canonical (Ubuntu’s developer) officially approved the transition to sudo-rs back in May 2025, but the full replacement only began recently with the implementation of all necessary features:

  • Support for older Linux kernel versions (down to 5.9)
  • Support for NOEXEC and AppArmor
  • Stability bug fixes
  • Migration of sudo-rs to the main repository after security audit

What About Regular sudo?

The classic sudo is still available in the system. Users can revert to it using the command:

sudo update-alternatives --set sudo /usr/bin/sudo.ws
Read moreHow To Build An Effective Landing Page For Reseller Hosting | cPanel Blog

However, in Ubuntu 26.10, developers plan to completely remove the classic version from the main repository, leaving only sudo-rs.

What’s Next?

There are also discussions about replacing the su command with a similar Rust implementation — su-rs. For now, /usr/bin/su remains the classic version, but experiments with the alternative are already planned.

Ubuntu isn’t the first system transitioning to Rust implementations of core components. Similar trends have been established by:

  • Fedora, which is testing Rust-based systemd modules
  • System76 Pop!_OS, where some user tools are already written in Rust
  • Redox OS, an operating system built from scratch in Rust

Why This Matters

The Rust implementation of sudo isn’t just a “trendy” rewrite. It’s a step toward eliminating an entire class of vulnerabilities that have plagued Linux infrastructure for decades.

Utilities like sudo, su, and passwd handle privileges and user input, making them primary targets for attacks.

Using Rust in such utilities allows for:

  • Eliminating entire classes of vulnerabilities at compile time
  • Improving reliability and readability of system code
  • Simplifying subsequent auditing and maintenance

If no critical bugs emerge, sudo-rs will appear in the Ubuntu 26.04 LTS release by default and permanently.

In case you have found a mistake in the text, please send a message to the author by selecting the mistake and pressing Ctrl-Enter.

You must be logged in to comment.

Sign In

Similar Posts