Better than I could have ever put it. But to add my own thoughts, sudo-rs does not gain value just by being in Rust.
It’s a more lean sudo with compatibility for common flags while intentionally not implementing niche/legacy options, including the one used by CVE-2025-32463, though if I did not need any of those flags at all, I would (and in the past, have) just use opendoas.
The project contains extensive testing and a harness versatile enough to also test the OG sudo and has caught regressions in it. The rewrite wanting parity with sudo’s behavior has improved the original sudo; you can gain its benefits even if you won’t/don’t/can’t run it. This is the main reason uutils hasn’t convinced me of its worth yet.
Having more eyes on sudo is just good. By translating it, they have to understand many of sudo’s poorly-documented idiosyncrasies and review all its relevant code and consider potential edge-cases. That’s basically an audit.