Ubuntu 25.10 will replace the sudo command with sudo-rs, a new Rust rewrite designed to improve memory safety and security. What does this mean for users?
They’ve got a few months to get it done, and it shouldn’t be that hard, no? Just exec EDITOR as a child process, no?
It also does input validation to ensure one doesn’t break the sudo file.
Sure. I guess it would depend on how complex that is, but surely the sudo command already does validations, so it would just need to have the editor write to a temporary file (which is a copy of the official one) and write once it’s validated, right?
It sounds doable in a few months.
I don’t think it’s that simple. The challenge is that you need to still behave as if it’s invoked as the user so that the editor uses their configurations instead of simply execing it as root. I could be wrong though ¯\_(ツ)_/¯
Sudo uses the setuid bit or whatever, so it still has access to the user’s environment variables and whatnot. So figuring out which editor to run shouldn’t be an issue.
That’s not what I mean. Yeah, getting the environment variables is simple enough, but if you simply exec something as the root user, whatever you exec will naturally be looking for configs in /root/.config and not your ~/.config dir, so any configurations to things like your text editor won’t be read.
Ah, makes sense. It’s easy enough to duplicate the outer ENV for the sub-process, but I don’t know what that means for security and whatnot.
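
The flow discussed in this thread (edit a temporary copy, validate it, replace the real file only on success, and keep the user's HOME visible to the editor), as an added example; it is not code from sudo, sudo-rs or any commenter. It goes one step beyond the thread by filtering the environment through an allowlist instead of duplicating it whole. The names `SAFE_ENV`, `editor_env`, `toy_validate` and `edit_validated` are assumptions made for illustration, and both the edit and the install step run as the calling user here.

```python
import os
import shlex
import shutil
import subprocess
import tempfile

# Assumption: a hypothetical allowlist of variables the editor may inherit.
SAFE_ENV = ("HOME", "USER", "LOGNAME", "TERM", "LANG", "PATH")


def editor_env(parent_env):
    """Pass through only allowlisted variables (LD_PRELOAD etc. are dropped)."""
    return {k: parent_env[k] for k in SAFE_ENV if k in parent_env}


def toy_validate(path):
    """Constructed stand-in for a real sudoers syntax check."""
    with open(path) as f:
        rules = [s for s in (line.strip() for line in f) if s and not s.startswith("#")]
    return all("=" in rule for rule in rules)


def edit_validated(target, editor, validate=toy_validate, env=None):
    """Edit a temporary copy of target; install it only if it validates.

    Returns True when target was replaced, False when it was left untouched.
    """
    env = os.environ if env is None else env
    directory = os.path.dirname(os.path.abspath(target))
    fd, tmp = tempfile.mkstemp(prefix=".edit-", dir=directory)
    os.close(fd)
    try:
        shutil.copy2(target, tmp)  # working copy; the real file is untouched
        # The child keeps the invoking user's HOME, so the editor reads
        # ~/.config instead of /root/.config.
        done = subprocess.run(shlex.split(editor) + [tmp], env=editor_env(env))
        if done.returncode != 0 or not validate(tmp):
            return False  # rejected edit never reaches the real file
        os.replace(tmp, target)  # atomic rename within one filesystem
        return True
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)
```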