[Bug 2127128] [NEW] Should replace / conflict with "old" sudo
Egmont Koblinger
2127128 at bugs.launchpad.net
Wed Oct 8 21:06:22 UTC 2025
Public bug reported:
I have just upgraded from 25.04 to 25.10 (well, technically beta, but
just before the release).
This upgrade procedure installed the new Rust sudo and made it the
default, but left the old sudo.ws there as well, with setuid bit.
As far as I know, the whole point of having a brand new version, written
in a much safer programming language, is to highly reduce the risk of
yet-undiscovered security holes (buffer overruns or whatnot) being
present in the system.
There's absolutely no way that having both versions installed at the
same time, both with root as owner and the setuid bit set, would serve
this goal.
** Affects: rust-sudo-rs (Ubuntu)
Importance: Undecided
Status: New
** Tags: questing
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2127128
Title:
Should replace / conflict with "old" sudo
Status in rust-sudo-rs package in Ubuntu:
New
Bug description:
I have just upgraded from 25.04 to 25.10 (well, technically beta, but
just before the release).
This upgrade procedure installed the new Rust sudo and made it the
default, but left the old sudo.ws there as well, with setuid bit.
As far as I know, the whole point of having a brand new version,
written in a much safer programming language, is to highly reduce the
risk of yet-undiscovered security holes (buffer overruns or whatnot)
being present in the system.
There's absolutely no way that having both versions installed at the
same time, both with root as owner and the setuid bit set, would serve
this goal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2127128/+subscriptions
More information about the foundations-bugs
mailing list