Can anyone explain why do we need this rewrite? What I’m hearing is just that the language is memory safe and, honestly, it sounds like a weak argument. Unless the program is actively evolving or requires regular updates and it can be seen that a rewrite could genuinely improve things…
All I’ve seen in these media posts were just vague “what if” arguments. If that’s it, a rewrite seems pretty dumb.
That’s honestly more of a problem than a feature at this point. The GPL at least protects open source projects as a “public good” and forces corporate users to contribute their changes back to the public (in some manner). All permissive licenses do is let corporations leech off the community without a requirement to give back.
Image working in an old building, there is no coffee machine, there is no warm water and if you want to do something new, chances of you getting in trouble because you forgot to mess with CMake or free memory, are high.
But the building works since it has been tested for 30 years.
Rust is a new building that you can move over to, there is a coffee machine that is a bit complicated at first but once you understand it it is that bad, there is warm water and you don’t have to mess with CMake or allocate/free memory for everything.
But the building is new, there will be issues here and there and sometimes the promised warm water wont work since someone fucked it up, but in general it is just sooooo much more comfy to work in.
Rust is not about making Programming languages fast or memory safe. If you truly want to do that, I recommend doing crack and writing in assembly.
It is about making programming easier without sacrificing speed.
OK, imagine youre in a new car and youre like hmm donuts are good. But you know that when flight was first discovered it was scary, then after all that scares you knew it was worth while running the distance. Sometimes you gotta know when to fold em.
Ok, valid, is sudo (in this case) actively developed? Hom much maintenance does it require?
All these analogies amount to what exactly? New == better?
I get the enthusiasm for new shiny thing, especially when the new tool is better. But why do we need something like sudo rewriten? How does it make lives easier?
There’s a saying: if it ain’t broke… I’m trying to figure how and why it’s broken and all I see just a selling pitch for the language.
The analogy is “this building is working and tested, but it something DOES break it’s a huge pain to fix it.” whereas in rust it would be relatively painless. I don’t know if that’s worth rewriting it in rust but if the rust fanatics want to do it then eh why not.
Well that’s a very valid argument. If cost and impact of an error is very high and a rewrite mitigates that, sure, why not rewrite it. But in this comment thread I had to offer this argument myself, I haven’t really seen it properly communicated.
It’s always — memory safety this, error handling that… These are good reasons to pick a language for a new project, but, god damn, it’s a stupid reason for a stable program rewrite (let’s say the program is mostly in maintenance mode: no major new features are planned; correct me if that’s not the case for sudo).
Sudo is being actively developed and has several fairly recent CVEs, some of which are memory issues (at least recent compared to how old sudo is). Apart from being memory safe rust is also better at error handling than C.
IMO best would be to reduce attack surface by using a memory safe language and also reducing complex features like OpenBSD’s doas does.
Well that’s the thing that I don’t see communicated. Is it actively developed? Bug fixes doesn’t count, it’s maintenance not active development. If I’m just doing maintenance then there must be a lot of issues to warrant a rewrite, especially in a different language.
Form what I keep seeing it looks like a rewrite for the sake of rewriting, which is at best misguided reasoning.
I can see an argument that the cost of failure is very high with something like sudo, but I don’t see it vocalized anywhere.
Went through the releases quickly and it does look like maintenance work is being done more than anything.
Last minor version update was in 2020 which is not that recent (although quite recent). All other releases since have mostly fixes. I’ve seen only a couple of things that were not Fixed something in the notes.
Maybe our definitions of active development are different, but to me this does look like maintenance.
Version numbers are meaningless. Yes it’s mostly fixes, but in every release which doesn’t have p in the version number there’s at least two or three things which are not fixes. As late as 2023 one of those changes did introduce a local privilege escalation: https://www.wiz.io/vulnerability-database/cve/cve-2025-32463 which was undetected for two years. For a critical piece of software with the maturity of sudo, I call that pretty concerning.
Can anyone explain why do we need this rewrite? What I’m hearing is just that the language is memory safe and, honestly, it sounds like a weak argument. Unless the program is actively evolving or requires regular updates and it can be seen that a rewrite could genuinely improve things…
All I’ve seen in these media posts were just vague “what if” arguments. If that’s it, a rewrite seems pretty dumb.
Well, if they make it good, it has a permissive license and future updates and forks can take it private.
That’s honestly more of a problem than a feature at this point. The GPL at least protects open source projects as a “public good” and forces corporate users to contribute their changes back to the public (in some manner). All permissive licenses do is let corporations leech off the community without a requirement to give back.
Not sure what exactly you’re trying to say.
Image working in an old building, there is no coffee machine, there is no warm water and if you want to do something new, chances of you getting in trouble because you forgot to mess with CMake or free memory, are high. But the building works since it has been tested for 30 years.
Rust is a new building that you can move over to, there is a coffee machine that is a bit complicated at first but once you understand it it is that bad, there is warm water and you don’t have to mess with CMake or allocate/free memory for everything. But the building is new, there will be issues here and there and sometimes the promised warm water wont work since someone fucked it up, but in general it is just sooooo much more comfy to work in.
Rust is not about making Programming languages fast or memory safe. If you truly want to do that, I recommend doing crack and writing in assembly. It is about making programming easier without sacrificing speed.
I agree with you completely, but good god man, if you’re going to use a metaphor stick with it.
OK, imagine youre in a new car and youre like hmm donuts are good. But you know that when flight was first discovered it was scary, then after all that scares you knew it was worth while running the distance. Sometimes you gotta know when to fold em.
Ok, valid, is sudo (in this case) actively developed? Hom much maintenance does it require?
All these analogies amount to what exactly? New == better?
I get the enthusiasm for new shiny thing, especially when the new tool is better. But why do we need something like sudo rewriten? How does it make lives easier?
There’s a saying: if it ain’t broke… I’m trying to figure how and why it’s broken and all I see just a selling pitch for the language.
The analogy is “this building is working and tested, but it something DOES break it’s a huge pain to fix it.” whereas in rust it would be relatively painless. I don’t know if that’s worth rewriting it in rust but if the rust fanatics want to do it then eh why not.
Well that’s a very valid argument. If cost and impact of an error is very high and a rewrite mitigates that, sure, why not rewrite it. But in this comment thread I had to offer this argument myself, I haven’t really seen it properly communicated.
It’s always — memory safety this, error handling that… These are good reasons to pick a language for a new project, but, god damn, it’s a stupid reason for a stable program rewrite (let’s say the program is mostly in maintenance mode: no major new features are planned; correct me if that’s not the case for sudo).
Sudo is being actively developed and has several fairly recent CVEs, some of which are memory issues (at least recent compared to how old sudo is). Apart from being memory safe rust is also better at error handling than C.
IMO best would be to reduce attack surface by using a memory safe language and also reducing complex features like OpenBSD’s doas does.
https://www.cvedetails.com/vulnerability-list/vendor_id-15714/Sudo-Project.html?page=1&order=3
Well that’s the thing that I don’t see communicated. Is it actively developed? Bug fixes doesn’t count, it’s maintenance not active development. If I’m just doing maintenance then there must be a lot of issues to warrant a rewrite, especially in a different language.
Form what I keep seeing it looks like a rewrite for the sake of rewriting, which is at best misguided reasoning.
I can see an argument that the cost of failure is very high with something like sudo, but I don’t see it vocalized anywhere.
I would say yes is it developed, this is more than just big fixes : https://github.com/sudo-project/sudo/releases
No huge changes of course, but the big CVE from July was only introduced 2 years ago.
My biggest question is, why is something like sudo still developed and not finished and in maintenance mode?
Went through the releases quickly and it does look like maintenance work is being done more than anything.
Last minor version update was in 2020 which is not that recent (although quite recent). All other releases since have mostly fixes. I’ve seen only a couple of things that were not Fixed something in the notes.
Maybe our definitions of active development are different, but to me this does look like maintenance.
Version numbers are meaningless. Yes it’s mostly fixes, but in every release which doesn’t have p in the version number there’s at least two or three things which are not fixes. As late as 2023 one of those changes did introduce a local privilege escalation: https://www.wiz.io/vulnerability-database/cve/cve-2025-32463 which was undetected for two years. For a critical piece of software with the maturity of sudo, I call that pretty concerning.
Here’s an interesting report from Google about rust vs C++ in Android: https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html?m=1