Ubuntu 25.10 Replaces Sudo with a Rust-Based Equivalent

If you’ve used Linux long enough, you know all about sudo. If not, sudo stands for super user do and elevates a standard user such that they can temporarily run admin tasks. Sudo has been around for a long time, but Canonical has decided to move on from the old version and introduce a new version, written in Rust.

But why? Why would Canonical decide to make the switch from something nearly all Linux distributions use and that “just works”?

Ultimately, the shift points to Canonical looking to improve the security of sudo. The new sudo-rs is being developed by Trifecta Tech Foundation (TTF), which is a “nonprofit organization that creates secure, open-source building blocks for infrastructure software.” In a recent blog, the organization spoke about “memory-safe sudo” (which is sudo-rs). In that blog, TTF states,

“The decision to adopt sudo-rs is in line with Canonical’s commitment to Carefully But Purposefully increase the resilience of critical system software by adopting Rust. Rust is a programming language with strong memory safety guarantees that eliminates many of the vulnerabilities that have historically plagued traditional C-based software.”

Rust’s Safety Guarantees

One of the key aspects of sudo-rs is that it leverages Rust’s memory safety guarantees. There are several features that provide that guarantee, such as:

• Ownership System: Rust includes an ownership system where every value in the program has an owner responsible for deallocating the value when it goes out of scope.
• Borrow Checker: The borrow checker ensures that all borrows (references to values) are valid and do not point to invalid data.
• Nullability System: Rust’s nullability system prevents null pointer dereferences by enforcing a “null” type option, which can either contain a value or be empty (None).
• Smart Pointers: Rust provides smart pointers, such as Rc (Reference Counting) and Arc (Atomic Reference Counting), to manage the lifetime of values and prevent use-after-free errors.
• Lock-Free Memory Management: Rust’s memory management is designed to be lock-free to avoid locking mechanisms that can lead to contention and performance issues.

As for the memory safety guarantees, they are:

• No null pointer differences
• No use-after-free errors
• No data-racing bugs
• Memory leak prevention

There are other safety features, including panics, error handling, and code analysis, and the Rust memory safety philosophy is all about assuming immutability by default, using smart pointers, and avoiding raw pointers.

The new sudo-rs is meant to be a near drop-in replacement for sudo, but some of the less secure aspects of sudo (such as the ability to distribute the sudoers file via LDAP) will not be supported.

Installing and Using sudo-rs

If you want to try out sudo-rs, you’ll need to spin up an instance of Ubuntu 25.10 desktop. You can download an ISO here. Once you have version 25.10 up and running, if you go digging, you’ll find that it doesn’t ship with sudo-rs (yet). To add sudo-rs, you have to install it. Fortunately, TTF has made the software available in the standard repositories, so it can be installed with the command:

Keep in mind, sudo-rs doesn’t replace sudo (again, yet). You still have access to sudo, as well as sudo-rs. That’s a good thing because sudo-rs isn’t quite ready for prime time. Even so, sudo-rs should work exactly as you expect.

In fact, I installed it on an instance of Ubuntu 25.10 to see how well it works and came away surprised. At first, I thought there would be issues because, after installing rust-rs, I started running commands that require sudo privileges. One of the first I ran was:

To my surprise, it responded saying that upgrade wasn’t a recognized command. I ran it again and had no luck. The third time, as they say, is the charm, and the command went off without a hitch.

That’s kind of the point here: replacing a crucial component of the OS with one that offers better security and does so without users knowing the difference. I’m certain that when version 25.10 is officially released, the sudo command will have been replaced by sudo-rs, but the command will remain unchanged.

By then, instead of running sudo-rs, you’ll simply issue the sudo command, and things should go off without a hitch. I’m also assuming this will not affect desktop features such as those file managers that include admin privilege escalation within the GUI context menu.

If You Fear Change, All Is Not Lost

Canonical has promised to keep the original sudo in the archive repositories, so that anyone who wants to roll back to plain old sudo will be able to do so without much hassle.

If you want to try sudo-rs, follow the instructions above, and you’ll find that using the new tool is almost identical to the original. The only difference (at the moment) is that to use the original sudo, you run the sudo command, and to use sudo-rs, you use the sudo-rs command. It really is that simple.

At the time of writing, there’s no indication that other distributions will follow Ubuntu’s lead. I feel fairly confident that most distributions based on Ubuntu will go with sudo-rs, and those that don’t will probably make official announcements in their blogs.

Stay tuned, it’s about to get a little rusty in here.