ISRG, the Internet Security Research Group, has presented a project called sudo-rs in an effort to increase internet security. This project aims to create implementations of the sudo and su utilities in Rust for executing commands on behalf of other users. sudo-rs has been published under the Apache 2.0 and MIT licenses, and it is not yet ready for widespread use. The project, which began in December 2022, is expected to conclude in September 2023.
Currently, work is focused on implementing the sudo-rs functions that will allow the utility to be used as a transparent replacement for sudo in typical usage scenarios, including the default sudoers configurations in Ubuntu, Fedora, and Debian. The goal is to create a library that can embed sudo functionality into other programs and provide an alternative setup method. This will enable analysis of the sudoers configuration file syntax. A version of the su utility will also be created based on the functionality implemented for sudo. The project plans to support SELinux, AppArmor, LDAP, audit tools, and authentication without the use of PAM. All sudo command-line options will also be implemented.
According to Microsoft and Google, about 70% of vulnerabilities are caused by unsafe memory handling. Using Rust to develop su and sudo will reduce the risk of such vulnerabilities and eliminate errors such as accessing a memory region after it has been freed (use-after-free) or going beyond a buffer's boundary. Engineers from Ferrous Systems and Tweede Golf are developing sudo-rs with funds provided by companies such as Google, Cisco, and Amazon Web Services.
Rust ensures memory safety at compile time through reference checking, tracking the ownership of objects, and accounting for object lifetimes (scopes). Rust also protects against integer overflow, requires variables to be initialized before use, handles errors better in the standard library, makes references and variables immutable by default, and offers strong static typing to minimize logical errors.