feat: Oxidize #2954
If we are to do this, I'd recommend it lives in testing exclusively for a multi-month period, i.e. not reaching main until at least F43. This PR covers only trying it in testing in the meantime.
But neither vulnerability is related to a memory exploit?
Honestly? No benefit in this for the users. I would rather wait for upstream to be the ones pushing for this kind of change.
Copying ubuntu, bazzite (ublue-os/bazzite#2954), and aurora (ublue-os/aurora#728), switch to sudo-rs by default on Bluefin:42. Signed-off-by: Danielle Lancashire <[email protected]>
This has a security benefit for users and is free work being paid for by Canonical and supported in one of the biggest Linux distros. I see this as a chance to contribute to Fedora by trailblazing good ideas and utilizing resources far beyond our own.
From my perspective, while yes, none of the recent security issues was memory-related, switching to the Rust version has a variety of security benefits and drawbacks, as does remaining with sudo. Also, the main maintainer of sudo is in high support of sudo-rs.
This commit swaps us to sudo-rs, following Ubuntu's lead. This is something I've been testing a long while now with no regressions. This only covers sudo as the coreutils swap is not yet ready for mainstream use.
See: https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html for reasoning as to why we might want to do this ahead of our upstream.