• ExLisper@lemmy.curiana.net
    41 up, 3 down · 17 hours ago

    PSA: If you think that people use Rust because it lets you write without bugs, do yourself a favor and don’t comment on anything Rust-related. You will avoid sounding stupid.

    • Shanmugha@lemmy.world
      3 up · 6 hours ago

      No, I think people who write comments along the lines of “C bad, Rust good, why use C” are idiots. And if that makes me sound stupid - oh, well. Like I ever cared.

    • jj4211@lemmy.world
      7 up · 10 hours ago

      I think the criticism is more about deciding to try to re-implement a long-standing facility in Rust that has, by all accounts, been ‘finished’ for a long time.

      About the only argument for those sorts of projects is the resistance to the sorts of bugs that can become security vulnerabilities, and this example highlights that rewrites in general (Rust or otherwise) carry a risk of introducing all-new security issues on their own, and that should be weighed against the presumed risks of not bothering to rewrite in the first place.

      New projects, heavy feature development, ok, fine, Rust to make that easier. Trying to start over to get to the same place you already are, needs a bit more careful consideration, especially if the codebase in question has been scrutinized to death, even after an earlier reputation of worrisome CVEs that had since all been addressed.

      • ExLisper@lemmy.curiana.net
        4 up, 1 down · 10 hours ago

        In another comment I linked two vulnerabilities in sudo discovered in 2025, one of which was “hiding” for 12 years. So yeah, “finished” for a long time…

        • dustyData@lemmy.world
          4 up · 7 hours ago

          Finished means it’s feature complete according to the specification and feature frozen. It says nothing of bugs. Bugs are ethereal qualities, subject to opinion and criteria chosen for triage. Sudo is finished, it does what it is meant to do. Does it do it bug free? For the most part it does. Doesn’t mean there aren’t any bugs left. But no new bugs are expected to be introduced by active development. Any bugs that arise, and it has been the case for a long time, will be old bugs that haven’t been discovered yet.

          • boonhet@sopuli.xyz
            2 up, 1 down · edited 3 hours ago

            Is it feature complete? Sudo is still getting 10-30 commits a month. If those are all bug fixes, maybe it’s buggier than we thought. Otherwise it would seem that many of them are new features.

            From the project’s website:

            The sudo 1.8 branch is considered the legacy version. It receives no new features, only critical bug fixes. Users are highly encouraged to migrate to the sudo stable branch.

            This implies that 1.9 may still get new features. And there may one day be a 1.10.

            Here are the latest things fixed in the current patch version of the 1.9 branch, 1.9.17p2:

            Fixed a bug introduced in sudo 1.9.16 that could result in sudo sending SIGHUP to all processes on the system in certain rare cases.

            Fixed a bug introduced in sudo 1.9.12 that caused sudo to abort when … [some very specific cases]

            Fixed a bug in sudo’s configure script introduced in sudo 1.9.17 that prevented mdoc-format man pages from being used on systems without the mandoc utility.

            These are all recently introduced bugs that are results of either previous bug fixes or new features. The oldest mentioned version, 1.9.12, is from 2022, but 1.9.16 and .17 are newer.

            This is not meant to be a criticism of the sudo project or Todd. He’s done an excellent job on the security front. But clearly sudo is not feature-frozen and new bugs are still being introduced. Sometimes they’re memory bugs and Rust helps with those (obviously it doesn’t completely eliminate them). Rust is also much nicer to learn than C, meaning it’s going to get easier and easier to find help in a Rust project as opposed to a C one.

            Also, Todd Miller, the author of sudo, has submitted a pull request to sudo-rs at one point, so I suspect he’s also excited about the project to some degree and wanted to help symbolically.