Linux

10191 readers

693 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

164

sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10 (www.phoronix.com)

submitted 1 week ago by cm0002@literature.cafe to c/linux@programming.dev

58 comments fedilink hide all child comments

The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it's also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10.

you are viewing a single comment's thread
view the rest of the comments

[–] Aatube@kbin.melroy.org 17 points 1 week ago (1 children)

One of the patches is to prevent the sudo password from being leaked in case of a timeout or sudo being killed. Another patch is to use enum for the feedback parameter. Another patch to ensure feedback is always erased before exiting the read unbuffered code. Another change is also made to not treat backspace as a password character when the password is empty.

[–] arcterus@piefed.blahaj.zone 13 points 1 week ago

As expected, these all sound like logic bugs.