Ubuntu Rust Coreutils Audit Revealed 113 Issues, Ubuntu 26.10 Aims For "100% Rust Coreutils"
Posted by anh0516@reddit | linux | View on Reddit | 41 comments
sylvester_0@reddit
It's probably been discussed a billion times but I don't really understand this push. I'm much less worried about memory safety in coreutils than in exposed/critical services like openssl, SSH, etc
PraetorRU@reddit
One doesn't contradict another. Coreutils are very important for hosting and other server usage when you allow lots of people to have a shell in your system.
On the other hand, incentive to use coreutils rewritten in Rust is basically what Canonical's tech lead sold to the management. I don't think they won anything from it up to this day besides a lot of effort to stabilize "oxidized" implementations.
dthdthdthdthdthdth@reddit
How is stuff like ls security relevant if I give somebody a shell? They can just copy their own program there and do whatever. The kernel has to be secure then, any program they could start as root, like sudo (so sudo rs makes a lot of sense), and processes that run as root or other privileged users, that they can somehow interact with.
ls would be only relevant if they could somehow feed arguments to ls but don't have shell. Like ls being called by some other app that is reachable externally or whatever.
Anticept@reddit
A lot of considerations aren't so much about individuals having access, it's about the fact so many machines are now connected to the internet and automated with scripting and things like that. Vulnerabilities might not apply specifically to your use case, but they could apply to someone's.
The other part is that the coreutils is under GPL. Canonical wants everything under BSD.
I'm not too happy with the modern push away from GPL... I understand the complications it creates in some scenarios, but I ***very much*** like the fact that the GPL requires that I have the source code available to me to review so I know what the software is doing. BSD means they don't have to give me the source code.
dthdthdthdthdthdth@reddit
I love rust and I'm fine with people rewriting stuff.
I also don't think anybody wants to have a closed source core utils fork and some point. There is no business opportunity there.
I'm just saying with some of those I don't see the threat vector, or it is a pretty unlikely one. Yeah if you expose bash scripts to external user input and pass those to ls etc. it might be relevant. But if you do stuff like that you probably have fucked up in a lot of other places.
It's nice, but it's not a change that I expect to improve security of anything in a measurable way.
Skogspingvin@reddit
This is a wild take, and probably from someone with limited experience in the industry. Of course there's a reason they want this to be BSD/MIT licensed, and no, it's not because 'they like that license better', it's because it's easier to sell to companies that don't respect or want their users to have freedom.
What people don't know, is that even their precious Red Hat, who is seen by the community as almost paragons of defending free and open source software, is more than happy to sell out all the principles of FLOSS behind close doors. If they could close up the source code on behalf of certain customers, they would. I know, because I've personally witnessed negotiations behind closed doors where Red Hat was incredibly willing to allow GPL violations to happen if only they got paid.
dthdthdthdthdthdth@reddit
That's a wild take and probably from someone who does not understand licenses.
GPL matters if you want to change the source. Now a MIT Linux kernel would be a big thing for them as you could ship modified Linux systems without releasing the source. Companies illegally do that all the time. Nobody wants to ship a modified ls though.
Anticept@reddit
It's unlikely to move the needle much but it's a lot easier to rewrite small bits than openssh for example. One day, but i suppose not today.
PraetorRU@reddit
For example you give unprivileged shell, without access to sudo. And then user uploads some files with funny names, make ls in the directory and privilege escalation happens due to some unintended interactions with the kernel or some other system stuff.
Ok-Winner-6589@reddit
But then isn't the vulnerability on the kernel level? Who is gona rewrite the kernel on Rust?
If the kernel executes something uploaded by an unprivileged users with the máximum privileges the kernel is fucked up
tajetaje@reddit
Let me give a better example. Say ls or cat has a buffer overflow or some other issue, and you are a web admin. Users can upload text files to your server. You want to see the contents of one, you ls the directory and cat the file contents. You are relying on ls and cat to both be fine with handling untrusted data (to be clear cat-ing untrusted data is a bad idea period, but you get the idea). At the end of the day coreutils are installed EVERYWHERE. In almost every container (unless you are smart enough to be running a distroless container) and every Linux OS on the planet. A vulnerability there is a huge issue. Hence wanting to reduce the attack surface. Plus the coreutils are a well documented problem before moving on to their components of the OS. You saw the same with rust in the kernel, the first things that got written in rust were practically useless and would have been just fine in c, but as we go there is more and more benefit.
Plus the fact that uutils is a much nicer codebase to get new devs working with than a c codebase, let alone what I’m sure is a c99 codebase with lots of unique internal APIs.
FriendlyProblem1234@reddit
What "push"?
One distribution picked this component as default. Would you demand every distribution in existence to use the same set of components? Is there a "push" for OpenRC because Gentoo uses it as default init? Is there a "push" for musl because Alpine uses it as default libc? Is there a "push" for busybox because OpenWRT uses it as default coreutils?
This is not a zero sum game, neither a central decision.
Apparently developers of uutils had no interest in writing an alternative implementation of OpenSSL or OpenSSH. Instead they worked on what they thought was interesting.
It does not prevent anyone from writing an alternative implementation of OpenSSL (and in facts, there are several).
BossOfTheGame@reddit
having less places where there could be a memory bug is a good thing. we should aim to have proofs of soundness where possible. the less trust me bro, the better.
it's just a piece of the puzzle but it meaningfully shrinks the bug surface, and coreutils is a good place to start small, but on a large scale.
The ssh and openssl rewrites will take more time.
void4@reddit
Cause there are multiple perfectly aligned interests:
Guys from "NG"O "Sovereign Tech Fund" got their hands on German taxpayers' money, which they need to spend on relevant projects. They of course would like to spend them on projects ran by either their friends or at least fellow far left activists
Managers at Canonical (or any other big company) have KPI which says that they must drive some project within the company. Moreover, such project should be as cheap as possible, preferably - paid for by someone else. Another plus if it means getting rid of GPL licensed software - this license is really bothersome for corporations
RiiR requires no skills and no visible metric improvements. It's actually the opposite: if your modern RiiR'd project produces a binary which compiles 10 times slower and contains 10x more bloat and 10x more bugs than its "deprecated" alternative because you're a lazy incompetent idiot, then you can always say that it's for the sake of memory safety, security, yadda yadda.
TampaPowers@reddit
I had a box get compromised just a few days ago. No clue how besides a password being guessed maybe(left enable from the vendor unfortunately). Canonical actually fixing bugs is good, until you see how many more still exist in critical software and you really wonder how they can call anything stable. It was really good with 18 and 20 and since 22 so much stuff started to break it's creating more work than it should.
SosirisTseng@reddit
License
jonathancast@reddit
I don't have a bookmark, but I remember a few years ago people mocking the idea of Rust rewrites, or even writing new stuff in Rust, by saying "rewrite something simple in Rust, like coreutils, and then I'll listen". I think that's the motive - it's just a demonstration to prove to people that Rust really is a production-ready, capable programming language.
PraetorRU@reddit
Number looks high, but in reality they found nothing really serious, and most of what they found is already fixed.
100GHz@reddit
https://www.cve.org/CVERecord?id=CVE-2026-35338
Any specific reason why you are downplaying it?
LordAlfredo@reddit
Requires attacker either already have system admin permissions or convince a user that does to run a malicious command but has no mitigation if either of those conditions do apply. 7.x seems fair.
juicebox1156@reddit
An attacker can create a symlink in their own directory without root privileges. If someone with root privileges happens to run “chmod -R” on that directory, it can mess up other directories. The “chmod -R” could be done for legitimate reasons by root, it doesn’t have to be a malicious command at all. It’s not a reliable attack, but would be easy to leave around like land mines for a denial of service attack.
TerribleReason4195@reddit
Cp, MV, and rm are pretty important IMO.
rebellioninmypants@reddit
And? You're still getting them - in their "original" form like everyone wanted xD
They'll get fixed in no time - 100 isn't actually that big of a number, especially if they have already been actively worked on.
gmes78@reddit
But how would we make clickbait headlines otherwise?
rebellioninmypants@reddit
By relying on tribalism, meotions, anger, danger to status quo, nuns
ea_nasir_official_@reddit
but... but.. ubuntu bad
suszuk@reddit
Rewriting battle tested software in fairly "rolling release" programming language that gets updates every 6 month and not finalized is just asking for problems, you know I miss the days when software engineering was sane that they don't touch what doesn't need fixing just improving upon without rewriting the entire thing from scratch, reinventing the wheels and opening a new can of worms
FriendlyProblem1234@reddit
Where were you in 1991, when somebody decided to reinvent the wheels and develop a new kernel from scratch, instead of improving upon existing ones?
creeper6530@reddit
Blame Canonical. The rewrite project was originally never supposed to go production.
Ok-Anywhere-9416@reddit
Title with fake news. Issues were fixes already and I think it's even written in the article.
Natural_Night9957@reddit
The h4t3ful six: Ubuntu, snaps, Rust, systemd, wayland, GNOME
Novero95@reddit
You seem very sane /s
Infiniti_151@reddit
Only the first 2
TerribleReason4195@reddit
You could replace or add canonical in there.
Anonymo@reddit
I am for 0% Ubuntu usage.
JockstrapCummies@reddit
I aim for 100% Ubuntu usage.
The great thing about Linux is that you have a choice.
IngwiePhoenix@reddit
Rust Coreutils feels like such a footgun... x) But I'd bet people are hellbent on not admitting this being a mistake.
creeper6530@reddit
Again and again. The Rust coreutils were supposed to be an exercise, not production replacement. Shit on Canonical.
Coyann@reddit
Did the The Lunduke Journal write this headline?
0riginal-Syn@reddit
I said in another post, that I am not a fan of the rewrite or even Canonical, but they commissioned this independent audit to find and fix everything found before LTS. It is younger than coreutils so it has not had decades of real-world use and testing. This was actually a pretty smart move, regardless of my view on uutils or Canonical.
dathislayer@reddit
Very good perspective.