
@KyleGospo
Member

@KyleGospo KyleGospo commented Jul 23, 2025

This commit swaps us to sudo-rs, following Ubuntu's lead. This is something I've been testing a long while now with no regressions. This only covers sudo as the coreutils swap is not yet ready for mainstream use.

See: https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html for reasoning as to why we might want to do this ahead of our upstream.

@KyleGospo KyleGospo changed the base branch from main to testing July 23, 2025 18:28
@dosubot dosubot bot added the size:S (This PR changes 10-29 lines, ignoring generated files.) and enhancement (New feature or request) labels Jul 23, 2025
@KyleGospo
Member Author

If we are to do this, I'd recommend it lives in testing exclusively for a multi-month period, i.e. not reaching main until at least F43. This PR covers only trying it in testing in the meantime.

@antheas
Member

antheas commented Jul 23, 2025

But neither vulnerability is related to a memory exploit?

@Zeglius
Collaborator

Zeglius commented Jul 23, 2025

Honestly? No benefit in this for the users. I would rather wait for upstream to be the ones pushing for this kind of change.

endocrimes added a commit to endocrimes/bluefin that referenced this pull request Jul 24, 2025
Copying ubuntu, bazzite (ublue-os/bazzite#2954),
and aurora (ublue-os/aurora#728), switch to
sudo-rs by default on Bluefin:42.

Signed-off-by: Danielle Lancashire <[email protected]>
@KyleGospo
Member Author

KyleGospo commented Jul 26, 2025

> Honestly? No benefit in this for the users. I would rather wait for upstream to be the ones pushing for this kind of change.

This has a security benefit for users and is free work being paid for by Canonical and supported in one of the biggest Linux distros. I see this as a chance to contribute to Fedora by trailblazing good ideas and utilizing resources far beyond our own.

@bigpod98

From my perspective, while yes, none of the recent security issues was memory related, switching to the Rust version has a variety of security benefits and drawbacks, as does remaining with sudo.

Also, the main maintainer of sudo is in high support of sudo-rs.

@KyleGospo KyleGospo force-pushed the testing branch 4 times, most recently from 3cd5b8f to 7f44168 Compare October 28, 2025 02:09
@Venefilyn

Just a note here. Cockpit will not work with sudo-rs due to askpass not being implemented.

@KyleGospo KyleGospo force-pushed the testing branch 4 times, most recently from c951db3 to 1ad6843 Compare November 3, 2025 02:36
@KyleGospo KyleGospo force-pushed the testing branch 2 times, most recently from b582e77 to 088af2e Compare November 14, 2025 05:53
@KyleGospo KyleGospo closed this Nov 23, 2025