Canonical is betting on Rust as a key language to enhance security in its essential tools. The new version of Ubuntu will make history by incorporating a secure reimplementation of the classic command sudo.
Ubuntu will be the first major Linux distribution to adopt sudo-rs as the default implementation of sudo starting with version 25.10, expected in October 2025. This decision is part of an effort to improve the operating system’s security through the use of Rust, a modern programming language that provides strong guarantees against memory errors.
The new version has been developed by the Trifecta Tech Foundation (TTF), a nonprofit organization focused on secure open-source infrastructure. sudo-rs is part of its Privilege Boundary initiative, which aims to replace critical privilege escalation tools with alternatives written in Rust.
What is sudo-rs?
sudo-rs is a complete reimplementation of the well-known command sudo, but written in Rust. It is designed as a direct and compatible replacement for most users, although it does not aim to blindly replicate all functionalities of the original sudo. Some features deemed obsolete or overly specific may be omitted.
Nevertheless, the development of sudo-rs has been carried out in collaboration with Todd Miller, the maintainer of the traditional sudo for over 30 years. This cooperation ensures a smooth transition that respects the legacy of a core tool in the Unix ecosystem.
A Responsible and Measured Transition
Canonical has confirmed that this transition will be gradual and reversible. While sudo-rs will be the default in Ubuntu 25.10, users who wish to can easily revert to the original sudo. This transition phase will serve as a testing ground before the final adoption in Ubuntu 26.04 LTS.
The company is also actively funding the development of key features to ensure the viability of sudo-rs in real-world environments. These include:
- Shell escape prevention (NOEXEC) in Linux.
- AppArmor profile support.
- Implementation of sudoedit.
- Compatibility with Linux kernels prior to version 5.9.
The last point is especially important to ensure that containers based on Ubuntu 26.04 LTS function correctly on older hosts, such as Ubuntu 20.04 LTS.
Gradual Replacement of coreutils
Modernization does not stop at sudo. Canonical is also working to replace the GNU coreutils toolkit with its Rust counterpart: uutils coreutils. This change is also slated for Ubuntu 25.10, with a particularly careful approach given the essential nature of the package.
The plan includes creating three new packages (coreutils-from-uutils, coreutils-from-gnu, and coreutils-from) that will allow users to choose between both versions. Canonical is also sponsoring the development of compatibility with SELinux and internationalization, key aspects for matching the behavior of the original toolkit.
Exploring New Frontiers: SequoiaPGP
In addition to sudo and coreutils, Canonical has begun testing SequoiaPGP, a new OpenPGP library written in Rust. Sequoia stands out for its focus on security and compliance with standards, which is particularly relevant following the decision by GnuPG maintainers to fork from the official standard.
Canonical is exploring the use of SequoiaPGP as a cryptographic backend for APT, Ubuntu’s package manager, as a replacement for GnuPG. This transition is still in the exploratory phase, but it represents another step toward replacing critical software with modern, more secure alternatives.
Statement of Principles
Canonical emphasizes that this strategy does not imply abandoning C as a systems language, but rather betting on the sustainability and resilience of the Linux ecosystem. Adopting foundational tools rewritten in Rust strengthens Ubuntu’s position as a secure, modern infrastructure platform ready to tackle future challenges.
Next Steps
Ubuntu 25.10 will serve as an interim release to gather user feedback and resolve potential incompatibilities. The definitive adoption of these technologies is expected for Ubuntu 26.04 LTS, where this deep transformation of the operating system’s core will be consolidated.
The community can already test sudo-rs in current versions like Ubuntu 24.04 via the oxidizr package, and follow the progress of uutils and Sequoia in their respective official channels.