2023-09-02

Prossimo, a project under the nonprofit Internet Security Research Group (ISRG), has announced the release of sudo-rs, a new implementation of the sudo command-line tool and the su command-line program written in the Rust programming language. Sudo is a utility that allows privileged users of Unix-like systems, such as Linux and FreeBSD, to run commands as root. Because it sits on that privilege boundary, it also poses a risk: a flaw in it can be exploited by rogue users or malicious software to elevate their access to root level.

Memory safety bugs, including out-of-bounds reads and writes, have been found in the original C implementation of sudo; one-third of the security bugs in the original code stem from memory management issues. By rewriting sudo in Rust, the Prossimo project aims to eliminate this class of bug, which has become a concern for technology companies and government agencies alike: memory-safety bugs can be exploited to hijack applications or systems, steal data, and infiltrate software supply chains.

Rust is a programming language known for its emphasis on memory safety, which makes it well suited to components that require high security; languages such as C and C++ do not provide the same guarantees. Work on the new implementation has also produced a test suite that has helped spot bugs in the original C implementation.
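To make the memory-safety point concrete, here is a small added example (written for this summary, not code from sudo-rs or the Prossimo project) of the kind of out-of-bounds read the paragraph refers to. In C, indexing past the end of an array or slicing a buffer with a bad offset silently returns whatever bytes happen to follow; in Rust the same operations are either refused at the API level (`get` returns `None`) or fail deterministically (a bounds-check panic), so the adjacent memory is never exposed. The sample environment table and the byte buffer are constructed here for illustration and assume nothing about sudo's real data structures.

```rust
// Added example: Rust's bounds checking versus C-style unchecked access.
// The data below is constructed for illustration only.

/// Constructed sample table, loosely like an environment list a privilege
/// tool might read. The names and values carry no meaning beyond the demo.
pub const SAMPLE_ENV: [&str; 3] = ["PATH=/usr/bin", "HOME=/root", "SHELL=/bin/sh"];

/// Checked lookup: an out-of-range index yields None instead of reading
/// whatever lies past the end of the array.
pub fn env_entry<'a>(env: &[&'a str], idx: usize) -> Option<&'a str> {
    env.get(idx).copied()
}

/// Direct indexing, the shape of `env[idx]` in C. Rust still inserts a
/// bounds check, so a bad index panics (a controlled failure of this code
/// path) rather than returning adjacent memory. The panic is caught here
/// only so the outcome can be inspected as a value.
pub fn env_entry_direct<'a>(env: &[&'a str], idx: usize) -> Result<&'a str, String> {
    std::panic::catch_unwind(|| env[idx]).map_err(|_| "index out of bounds".to_string())
}

/// Extract a field of `len` bytes starting at `offset` from a buffer, the
/// pattern behind many C out-of-bounds reads in parsers. `checked_add`
/// rejects offset+len wrap-around and `get` rejects any range that leaves
/// the buffer, so the function can only ever return bytes inside `buf`.
pub fn read_field(buf: &[u8], offset: usize, len: usize) -> Option<&[u8]> {
    let end = offset.checked_add(len)?;
    buf.get(offset..end)
}

fn main() {
    // In-range and out-of-range lookups on the constructed sample table.
    println!("{:?}", env_entry(&SAMPLE_ENV, 1));          // Some("HOME=/root")
    println!("{:?}", env_entry(&SAMPLE_ENV, 3));          // None
    println!("{:?}", env_entry_direct(&SAMPLE_ENV, 5));   // Err("index out of bounds")

    // Field extraction from a constructed six-byte buffer.
    let buf = b"abcdef";
    println!("{:?}", read_field(buf, 2, 3));          // Some([99, 100, 101])
    println!("{:?}", read_field(buf, 4, 3));          // None: runs past the end
    println!("{:?}", read_field(buf, usize::MAX, 2)); // None: offset+len overflows
}
```

The `read_field` case is the one worth keeping in mind: the overflow check matters because an attacker-influenced length that wraps `offset + len` back to a small number is a classic way a C parser ends up reading the wrong region, and Rust's slice API refuses the range rather than trusting the arithmetic.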

The next step for the project is a third-party security audit, alongside a search for additional funding for enterprise features and hardening. Linux distributions have shown interest in adopting sudo-rs, which would make the security improvements more widely available. Organizations such as the US National Security Agency and the White House have encouraged the adoption of memory-safe languages, recognizing how prevalent memory safety bugs are in software.

Overall, the implementation of sudo-rs in Rust is a significant milestone in enhancing the memory safety and security of the sudo command-line tool. It reduces the attack surface of the software and provides a foundation for greater security in Unix-like systems.

Sources:

– The Register: [Link]

– Prossimo project: [Link]

– US National Security Agency: [Link]

– White House Request for Information: [Link]