The ISRG (Internet Security Research Group), which is the founder of the Let's Encrypt project and promotes HTTPS and the development of technologies to increase the security of the Internet, presented the Sudo-rs project to create implementations of sudo and su utilities written in Rust that allow you to execute commands on behalf of others users. Under the Apache 2.0 and MIT licenses, a pre-release version of Sudo-rs has already been published, not yet ready for general use. The project, which began work in December 2022, is scheduled to be completed in September 2023.
Work is currently focused on implementing features in Sudo-rs that allow it to be used as a transparent replacement for sudo in typical use cases (default sudoers configurations on Ubuntu, Fedora, and Debian). In the future, there are plans to create a library that allows embedding sudo functionality into other programs and provide an alternative configuration method that avoids parsing the syntax of the sudoers configuration file. Based on the implemented sudo functionality, a variant of the su utility will also be prepared. Additionally, the plans mention support for SELinux, AppArmor, LDAP, audit tools, the ability to authenticate without using PAM, and the implementation of all sudo command line options.
According to Microsoft and Google, about 70% of vulnerabilities are caused by unsafe memory management. It is expected that using the Rust language to develop su and sudo will reduce the risk of vulnerabilities caused by unsafe memory handling and eliminate the occurrence of errors such as accessing a memory area after it has been freed and buffer overruns. Sudo-rs is being developed by engineers from Ferrous Systems and Tweede Golf with funds provided by companies such as Google, Cisco, Amazon Web Services.
Memory-safe handling is provided in Rust at compile time through reference checking, keeping track of object ownership and object lifetime (scope), as well as through evaluation of the correctness of memory access during code execution. Rust also provides protection against integer overflows, requires mandatory initialization of variable values ββbefore use, handles errors better in the standard library, applies the concept of immutable references and variables by default, offers strong static typing to minimize logical errors.
Source: opennet.ru