Public bug reported:
I have just upgraded from 25.04 to 25.10 (well, technically beta, but
just before the release).
This upgrade procedure installed the new Rust sudo and made it the
default, but left the old sudo.ws there as well, with setuid bit.
As far as I know, the whole point of having a brand new version, written
in a much safer programming language, is to highly reduce the risk of
yet-undiscovered security holes (buffer overruns or whatnot) being
present in the system.
There's absolutely no way that having both versions installed at the
same time, both with root as owner and the setuid bit set, would serve
this goal.
** Affects: rust-sudo-rs (Ubuntu)
Importance: Undecided
Status: New
** Tags: questing
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127128
Title:
Should replace / conflict with "old" sudo
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2127128/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
