The First Stable Release of a Memory Safe sudo Implementation
source link: https://www.memorysafety.org/blog/sudo-first-stable-release/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
The First Stable Release of a Memory Safe sudo Implementation
Josh Aas
Aug 29, 2023
Prossimo is pleased to announce the first stable release of sudo-rs, our Rust rewrite of the critical sudo utility.
The sudo utility is one of the most common ways for engineers to cross the privacy boundary between user and administrative accounts in the ubiquitous Linux operating system. As such, its security is of the utmost importance.
The sudo-rs project improves on the security of the original sudo by:
Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues
Leaving out less commonly used features so as to reduce attack surface
Developing an extensive test suite which even managed to find bugs in the original sudo
The Wolfi Linux OS already includes sudo-rs and we hope that others will follow their lead. "When we first set out to build Wolfi, making sure it was memory safe was always a top priority," said Dan Lorenc, CEO and Co-founder at Chainguard. "The sudo utility is a perfect example of a security-critical tool that's both pervasive and under-appreciated. Security improvements to tools like this will have an outsized impact on the entire industry. The work that went into building the first sudo-rs release is a great step forward in eliminating potential security issues by adopting memory safe languages like Rust. This is critical for upholding and maintaining Wolfi as the secure-by-default foundation for developers who want to address most modern supply chain threats."
A joint team from Tweede Golf and Ferrous Systems built sudo-rs under contract with Prossimo. We're pleased with how much progress they've made since starting this project in December, 2022. An external security audit of the sudo-rs code is scheduled to start in September 2023. After that, the team will start on Milestone 4 of our work plan, which focuses on enterprise features.
The original C-based sudo utility has been maintained by Todd C. Miller for many years now, and we're grateful to him for taking on this huge and important task. We're also grateful that Todd has made time to offer us excellent advice on implementing sudo-rs.
Prossimo is able to take on the challenging work of rewriting critical components of the Internet thanks to our community of funders from around the world. We’d like to thank the NLnet Foundation for their funding of the audit of Sudo-rs. We'd also like to thank Amazon Web Services for supporting this work and supporting the transition to memory safe software.
ISRG is a 501(c)(3) nonprofit organization that is 100% supported through the generosity of those who share our vision for ubiquitous, open Internet security. If you'd like to support our work, please consider getting involved, donating, or encouraging your company to become a sponsor.
Recommend
-
83
ump A universal thread-safe memory pool. This simple memory pool can be used if following conditions are satisfied: (1) The memory sizes are some fixed numbers. E.g, 32 ,
-
18
Jeff Roberson jroberson...
-
7
nigeltao.github.io Jsonptr: Using Wuffs’ Memory-Safe, Zero-Allocation JSON Decoder Summary: jsonptr is a new, sandboxed command-line tool that formats...
-
5
Unity (Pre 5.5) Memory Safe Enumerators with C5 Generic Collection Library DISCLAIMER: The topic treated in this article is only valid for version of Unity up to 5.4 Long time ago I...
-
5
A proper thread safe memory cache The Core 2.2 IMemoryCache is in theory thread safe. But if you call GetOrCreateAsync from multiple threads the factory Func will be called multiple times. Whi...
-
2
OpenWrt 22.03.0 - First Stable Release - 6 September 2022 _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - ||...
-
7
A Memory Safe Implementation of the Network Time ProtocolFolkert de VriesOct 11, 2022Folkert and the team at
-
1
sudo-rs A safety oriented and memory safe implementation of sudo and su written in Rust. WAR...
-
2
Bringing Memory Safety to sudo and suJosh AasApr 26, 2023Our Prossimo project has historically focused on creating safer software on netw...
-
2
Gleam language available in first stable release Now available in v1.0.0, Gleam is a small, simple, opinionated, type-safe programming language that runs...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK