The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it’s also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10.



The Rust hype is funny because it is completely based on the fact that a leading cause of security vulnerabilities for all of these mature and secure projects is memory bugs, which is very true, but it completely fails to see that this is the leading cause because these are really mature projects that have highly skilled developers fixing so much shit.
So you get these new Rust projects that are sometimes made by people that don’t have the same experience as these C/C++ devs, and they are so confident in the memory safety that they forget about the much simpler security issues.
Can’t tell you how many times I’ve heard about curl getting re-written. Same deal.
Surely a direct stream from the internet straight onto host hardware can’t be exploited in any way. All you gotta do is put the stream in a file. How hard could it be? (/s)
Tbh that specific case probably wouldn’t be a big deal. It’s all the extra processing curl can do for http requests and the like that’d be more dangerous to rewrite I’d think.