This comment seems interesting, it was first question that popped into my head:
this post was submitted on 08 May 2025
69 points (92.6% liked)
Linux
54028 readers
1264 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
That is... A big claim. Yeah, rust minimizes or removes some categories of vulnerabilities. This is true. BUT sudo has been well tested over decades.
I'll be the first to admit to not paying much attention to Linux vulnerabilities, but I agree, I feel like a vulnerability in a package like sudo would have been huge news.
cve-2021-3156 heap overflow in sudo. roughly 10 years long in sudo. Allowed privilege escalation. It was huge.
Is it GPL though? If this is a case of MIT-licensed stuff weaseling its way into Linux core utils, I'm not interested.
sudo is MIT also (or something that looks like MIT at least). https://www.sudo.ws/about/license/
The more critical part wrt license is real coreutils which they also want to replace.
This is what I had for posting at 1am. Thanks for the clarification. Yeah I just assumed it was the same situation as coreutils.
Where is the problem when something mit-licensed is in core utils?
Edit: sudo isn't even a core util.
Granted, sudo isn't in coreutils, but it's sufficiently standard that I'd argue that the licence is very relevant to the wider Linux community.
Anyway, I answered this at length the last time this subject came up here, but the TL;DR is that private companies (like Canonical, who owns Ubuntu) love the MIT license because it allows them to take the code and make proprietary versions of it without having to release the source code. Consider the implications of a sudo binary that's Built For Ubuntu™ with closed-source proprietary hooks into Canonical's cloud auth provider. It's death by a thousand MIT-licensed cuts to our once Free operating system.
Very useful concrete example of how these changes might be a problem. Thanks.
What's the problem with it? These MIT programs already exists. Anyone can make proprietary version. Including in Ubuntu doesn't change that.
Also your example is pointless. Canonical would rather make a proprietary pam module instead of a custom internal fork of sudo-rs.
Can’t wait to test it out!