The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it’s also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10.
All non-trivial software has bugs, and it’s unsurprising that in a
sudoimplementation in any language, many of those bugs are security-related. This is still quite young software. Ubuntu was premature in making it their default, I think, but that just means it’s immature, not that it’s completely broken.Then again, I use
suexclusively and don’t even havesudoinstalled, so I’ve got no dog in this fight.(As for Rust itself, I am neither for nor against. It’s a programming language. It has some issues that mostly seem to be related to how building and distribution is carried out in practice, rather than the core language design. I have never met a programming language without warts, and I’ve used several. If you’re experienced with the language—whatever it is—you learn how to handle them.)