• abobla@lemm.ee
    491·
    2 months ago

    This comment seems interesting, it was first question that popped into my head:

    • atzanteol@sh.itjust.worksEnglish
      252·
      2 months ago

      That is… A big claim. Yeah, rust minimizes or removes some categories of vulnerabilities. This is true. BUT sudo has been well tested over decades.

      • Clusterfck@lemmy.sdf.org
        61·
        2 months ago

        I’ll be the first to admit to not paying much attention to Linux vulnerabilities, but I agree, I feel like a vulnerability in a package like sudo would have been huge news.

        • ShortN0te@lemmy.ml
          7·
          2 months ago

          cve-2021-3156 heap overflow in sudo. roughly 10 years long in sudo. Allowed privilege escalation. It was huge.

  • Daniel Quinn@lemmy.caEnglish
    155·
    2 months ago

    Is it GPL though? If this is a case of MIT-licensed stuff weaseling its way into Linux core utils, I’m not interested.

      • Daniel Quinn@lemmy.caEnglish
        6·
        2 months ago

        This is what I get for posting at 1am. Thanks for the clarification. Yeah I just assumed it was the same situation as coreutils.

    • mogoh@lemmy.ml
      3·
      2 months ago

      Where is the problem when something mit-licensed is in core utils?

      Edit: sudo isn’t even a core util.

      • Daniel Quinn@lemmy.caEnglish
        292·
        2 months ago

        Granted, sudo isn’t in coreutils, but it’s sufficiently standard that I’d argue that the licence is very relevant to the wider Linux community.

        Anyway, I answered this at length the last time this subject came up here, but the TL;DR is that private companies (like Canonical, who owns Ubuntu) love the MIT license because it allows them to take the code and make proprietary versions of it without having to release the source code. Consider the implications of a sudo binary that’s Built For Ubuntu™ with closed-source proprietary hooks into Canonical’s cloud auth provider. It’s death by a thousand MIT-licensed cuts to our once Free operating system.

        • JubilantJaguar@lemmy.world
          61·
          2 months ago

          Very useful concrete example of how these changes might be a problem. Thanks.

        • serenissi@lemmy.world
          37·
          2 months ago

          What’s the problem with it? These MIT programs already exists. Anyone can make proprietary version. Including in Ubuntu doesn’t change that.

          Also your example is pointless. Canonical would rather make a proprietary pam module instead of a custom internal fork of sudo-rs.

  • Read Bio@lemm.eeEnglish
    2·
    2 months ago

    I wonder the performance compared to regular sudo

    • spv.sh@lemmy.spv.sh
      4·
      2 months ago

      rust compiles to native code, so barring some horrific implementation issues, i’d bet my money on it being roughly equivalent.