Produced by | OSC Open Source Community (ID: oschina2013)
The Internet Security Research Group (ISRG) is working on the Prossimo project, which is rewriting sudo and su in Rust to enhance their memory safety, ensuring they no longer suffer from memory safety vulnerabilities, and further strengthening the security of the Linux and open source ecosystem.
According to reports, Prossimo will focus on the following aspects when selecting software:
-
Widely used (almost every server/client is using it)
-
Applied to important security boundaries
-
Performs critical functions
-
Whether it is written in memory-unsafe languages (e.g., C, C++, asm)
Since sudo meets the criteria above, Prossimo decided to secure this critical software, especially to avoid memory safety vulnerabilities.
According to the project’s homepage, Amazon AWS has provided funding for the “Rust Rewriting sudo” initiative.
sudo (substitute user [or superuser] do) is a computer program used in Unix-like operating systems such as BSD, Mac OS X/macOS, and GNU/Linux. This program allows users to execute programs with specific permissions (usually of the operating system’s superuser) in a secure manner.
It was first developed in the 1980s. For decades, sudo has become an important tool for making changes while minimizing the risks to the operating system.
However, because it is written in C, sudo has experienced many vulnerabilities related to memory safety issues. To ensure the safety of critical software and prevent memory safety vulnerabilities, Ferrous Systems and Tweede Golf, funded by AWS, are jointly porting sudo and su from C to Rust.
The project is now hosted on GitHub: https://github.com/memorysafety/sudo-rs
This work began last December and is scheduled to end in September 2023. For specific development plans, see: https://www.memorysafety.org/initiative/sudo-su/sudo-su-work-plan/
Recently, there have been many big news stories about Rust, giving the impression that Rust is going to rewrite everything. Could the famous “Atwood’s Law” be getting a Rust version?
For instance, just a few days ago, Microsoft rewrote core Windows libraries in Rust:
“Microsoft wants to make Windows tougher, rewriting core Windows libraries with 180,000 lines of Rust code”
Additionally, Flask creator Armin wrote a package management tool in Rust:
Flask’s creator claims Python package management is hotter than LLMs
Furthermore, the founder of Ruff established a company and announced plans to change the Python ecosystem, with the tool being based on Rust:
Ruff’s founder announces the establishment of a company, claiming to change the Python ecosystem
The default file system of Windows 11 will be replaced by ReFS instead of NTFS
Deno launches high-performance key-value database Deno KV
Electronic waste Chromebook
🌟 Event Recommendation
On May 27-28, 2023, GOTC 2023 Global Open Source Technology Summit will be grandly held at Zhangjiang Science Hall, Shanghai.
This two-day open source industry event will interpret the theme of the conference – “Open Source, Into the Future” through industry exhibitions, keynote speeches, special forums, sub-forums, and flash talks. Participants will discuss popular technology topics such as the metaverse, 3D and gaming, eBPF, Web3.0, blockchain, as well as hot topics like OSPO, automotive software, AIGC, open source education and training, cloud-native, and Xinchuang, exploring the future of open source and promoting open source development.
Press and hold to recognize the QR code below to view GOTC 2023 details/register immediately.
