ISRG (Internet Security Research Group), the developer of the Let’s Encrypt project and a contributor to the advancement of internet security, has released the first stable version of the project sudo-r. Sudo-r is a set of utilities written in the RUST language that allows users to execute commands on behalf of other users. The project code is available on GitHub under the licenses of Apache 2.0 and MIT. Development of sudo-rs is led by engineers from Ferrous Systems and Tweede Golf, with contributions from Google, Cisco, and Amazon Web Services. An independent code audit is planned for September to ensure the quality of the implementation.
Sudo-r aims to maintain compatibility with the classic Sudo and SU utilities, allowing it to be used as a transparent replacement for Sudo in standard scenarios. This compatibility makes sudo-r a suitable option for systems using the default configuration file /etc/sudoers on Ubuntu and Debian. The wolfi linux distribution has already adopted sudo-r in place of the traditional SUDO package to enhance security.
By developing sudo-r in the RUST language, ISRG aims to reduce the risk of vulnerabilities caused by unsafe memory work. It also aims to address errors such as accessing released memory areas and buffer overflows, which account for 70% of vulnerabilities according to Microsoft and Google.
To ensure security and compatibility with the original SUDO utility, an extensive set of tests has been developed as part of the project. Additionally, certain rarely used functionalities have been omitted from sudo-r to reduce potential attack surfaces and increase overall security.
Sudo-r differs from SUDO in various ways. It always includes the USE_PTY mode and ignores settings such as ENV_Reset, VerifyPW, and VisiblePW. Passwords are always requested, regardless of the VerifyPW setting. Sudo-r also does not support Mail_badpass, always_set_home, always_query_group_plugin, match_group_by_gid, and Sendmail. However, future updates will include features such as the Sudoedit utility, Noexec and Nointercept options, support for individual user and command bindings in the “Defaults” configuration blocks, and alternative authentication methods without relying on PAM.