Adopting sudo-rs By Default in Ubuntu 25.10 | and status update on rust coreutils and rust PGP (discourse.ubuntu.com)
from that_leaflet@lemmy.world to linux@lemmy.ml on 06 May 11:21
https://lemmy.world/post/29210977

cross-posted from: lemmy.world/post/29210689

Adopting sudo-rs By Default in Ubuntu 25.10

#linux

threaded - newest

asudox@lemmy.asudox.dev on 06 May 12:03 next collapse

Now we just need to rewrite the Linux kernel in Rust

ferric_carcinization@lemmy.ml on 06 May 13:57 next collapse

Does it have to be Linux? Some greybeards are pretty opposed to it. I wonder if it would be easier to make our own theme park kernel with blackjack and hookers memory and thread safety, like Redox.

the_crotch@sh.itjust.works on 06 May 19:36 next collapse

This will delay Hurd by another 40 years

patatahooligan@lemmy.world on 08 May 11:12 collapse

Does it have to be Linux?

In order to be a viable general use OS, probably yes. It would be an enormous amount of effort to reach a decent range of hardware compatibility without reusing the work that has already been done. Maybe someone will try something more ambitious, like writing a rust kernel with C interoperability and a linux-like API so we can at least port linux drivers to it as a “temporary” solution.

ferric_carcinization@lemmy.ml on 09 May 08:59 collapse

I remember there being a bit of talk around a Linux driver compatibility layer for Redox in the future, but I can’t find anything about it, so I could be misremembering.

What do you mean by “C interoperability and a linux-like API”, exactly?

  1. C is pretty much the standard for FFI, you can use C libraries with Rust and Redox even has their own C standard library implementation.
  2. Linux does not have a stable kernel API as far as I know, only userspace API & ABI compatibility is guaranteed.
patatahooligan@lemmy.world on 09 May 10:21 collapse

C is pretty much the standard for FFI, you can use C libraries with Rust and Redox even has their own C standard library implementation.

Right, but I’m talking specifically about a kernel which supports building parts of it in C. Rust as a language supports this but you also have to set up all your processes (building, testing, doc generation) to work with a mixed code base. To be clear, I don’t image that this part is that hard. When I called this a “more ambitious” approach, I was mostly referring to the effort of maintaining forks of linux drivers and API compatibility.

Linux does not have a stable kernel API as far as I know, only userspace API & ABI compatibility is guaranteed.

Ugh, I forgot about that. I wonder how much effort it would be to keep up with the linux API changes. I guess it depends on how many linux drivers you would use, since you don’t need 100% API compatibility. You only need whatever is used by the drivers you care about.

MonkderVierte@lemmy.ml on 07 May 09:08 collapse

There’s RedoxOS already.

OsrsNeedsF2P@lemmy.ml on 07 May 17:42 collapse

ew MIT license

bunitor@lemmy.eco.br on 08 May 06:03 next collapse

it’s also a microkernel, double ew

MonkderVierte@lemmy.ml on 08 May 09:22 collapse

¯_(ツ)_/¯ GPL of Linux didn’t help Android being more open either. And the driver being implemented in the kernel actually is an obstacle to it, @bunitor.

atzanteol@sh.itjust.works on 06 May 12:20 next collapse

we’re also sponsoring the uutils project to ensure that some key gaps are closed before we ship 25.10. The sponsorship will primarily cover the development of SELinux support for common commands such as mv, ls, cp, etc.

I didn’t think Ubuntu used SELinux.

that_leaflet@lemmy.world on 06 May 13:10 collapse

Not by default, but you can optionally enable it.

mactan@lemmy.ml on 06 May 17:11 next collapse

what’s the license on sudo-rs, is it MIT like uutils?

Ephera@lemmy.ml on 06 May 17:37 collapse

Seems like it’s Apache-2.0, but original sudo is under ISC license, which is more permissive as far as I’m aware. Although Apache-2.0 is very much still considered “permissive”, too.

umbrella@lemmy.ml on 06 May 19:47 collapse

goddamit 😔

MonkderVierte@lemmy.ml on 07 May 09:05 next collapse

Wrong move. To make sudo more secure, you should instead ditch 90% of the features intended for server which nobody on desktop uses. 150 lines of C code is enough to provide sudo-like functionality on desktop, probably similiar in Rust.

bunitor@lemmy.eco.br on 08 May 06:05 next collapse

except ubuntu isn’t a desktop-only distro

you might also not be considering corporate workstation in an intranet

zygo_histo_morpheus@programming.dev on 08 May 09:57 collapse

They are open to drop some features apparently, but maybe not “90%”

The developers are taking a “less is more” approach. This means that some features of the original sudo may not be reimplemented if they serve only niche, or more recently considered “outdated” practices.

kixik@lemmy.ml on 07 May 09:25 next collapse

A way smaller alternative therefore less prompt to vulnerabilities is OpenDoas found on Arch/Artix/… and other distros. From the GH project:

doas is a minimal replacement for the venerable sudo. It was initially written by Ted Unangst of the OpenBSD project to provide 95% of the features of sudo with a fraction of the codebase.

MTK@lemmy.world on 08 May 05:26 collapse

Tried it but it is not a 100% compatible as sudo replacment as it lacks some of the args. This means that some programs fail as they attempt to use incorrect args.

kixik@lemmy.ml on 09 May 01:49 collapse

I’m curious about which programs if you can share. I write few bash scripts which used to call sudo, and I replace sudo with doas in those. And in case of muscular memory I also added a bash alias so that if by mistake calling sudo in reality I’d be calling doas. So far no issues. O course I don’t use fancy args, and what I really needed from sudo I used to include it in /etc/sudoers and now on /etc/doas.conf, and I believe I couldn’t include a couple of options but they were not critical since I’ve lived without them so far. And it’s weird to find actual software that requires sudo, perhaps proprietary software. One can actually live without sudo and without doas, as long as there’s still su.

Not judging, rather curious, actually I’ve met several guys who write scripts which would benefit from using sudo/doas, but they claim better call the scripts through sudo/doas rather than adding them as dependencies.

MTK@lemmy.world on 09 May 06:03 collapse

I don’t remember what it was exactly, I encountered two times where doas failed as a sudo replacement. After that I went back to sudo

nanook@friendica.eskimo.com on 07 May 10:28 next collapse

Take all the power away from the end user and give it all to Poettering, NO FUCKING THANKS.

FooBarrington@lemmy.world on 07 May 10:40 next collapse

sudo-rs doesn’t have anything to do with run0. Please take your pills grandpa, we’re worried about you.

Edit: in case you’re actually an older person, the latter part wasn’t meant as a swipe (just saw your pfp). In that case, sorry!

nanook@friendica.eskimo.com on 07 May 20:20 collapse

@FooBarrington What you are advocating is taking power away from the user. Go install WIndows 11 if this is what you want punk.

FauxLiving@lemmy.world on 08 May 02:24 next collapse

Go install WIndows 11 if this is what you want punk.

Don’t install Ubuntu 25.10 if this isn’t what you want. Using Ubuntu means accepting that they’re going to make a lot of decisions about your system. The whole point of these large pre-configured Linux distros is that they make all of the decisions for you.

If you want more control than that try installing one of the other distros that allow you to choose the software you want.

nanook@friendica.eskimo.com on 08 May 02:37 collapse

@FauxLiving I've been using Ubuntu for about 14 years and in the past they've been at least somewhat interested in user input. I hope "don't become another fucking Microsoft" is a message that Canonical gets.

FooBarrington@lemmy.world on 08 May 04:55 collapse

What? No I’m not. Using a memory-safe implementation of sudo doesn’t take any power away from the user, how does that make sense?

nanook@friendica.eskimo.com on 08 May 06:08 collapse

@FooBarrington You didn't just specify memory safe, you advocated stripping away a number of features. Yes memory safe anything is a good idea and I've got no objection to the use of rust, I think it's a good language, one of the few worthwhile efforts to emerge in recent years, but if it is going go be re-implemented, do so fully. Yes, anything that runs with privileges should be memory safe else it's open to attack and Rust certainly makes that more possible, I am just concerned about the limiting feature set aspect. I'm not in favor of protecting users from themselves, I don't want a car that is capable of reading speed limit signs and prevents me from exceeding them even if doing so might be unsafe or illegal, that not the car manufacturers job to be come an arm of the government, likewise I don't want Linux protecting me from myself, I already address potentials with regular backups, etc.

DieserTypMatthias@lemmy.ml on 08 May 14:19 collapse

Less is more.

bunitor@lemmy.eco.br on 08 May 06:05 collapse

chill

Matriks404@lemmy.world on 08 May 09:41 collapse

Why not make Ubuntu a GNU/ Redox distribution at that point?