A major foundational change lurks beneath the eye-catching new features in Ubuntu 25.10 ‘Questing Quokka’ – a new and improved version of sudo, written in Rust.

I’m sure you’re all aware, the sudo command is what allows you to performance tasks, run tools and access protected files with root or superuser security privileges (sudo being a portmanteau of ‘superuser do’) on Linux.

It’s arguably the one Linux command everyone knows.

Prior to not, the sudo command in Ubuntu was written in C. But beginning with Ubuntu 25.10, it defaults to an updated version written in Rust, called sudo-rs.

Why is Ubuntu switching to sudo-rs?

The sudo-rs project is developed by Trifecta Tech Foundation, who say they’re ‘excited’ to see Ubuntu “committing to using sudo-rs and using its role to push adoption of Rust in systems programming”.

Why do this? To improve the security of the sudo command – the most critical command on Linux

Canonical’s Jon Seager, VP Engineering adds the distro maker is “delighted to be investing in critical, low-level software utilities [and] by choosing to adopt sudo-rs I hope to accelerate the path to wider adoption across the Linux ecosystem”.

So why the change?

Security, chiefly. The Rust programming language has built-in ‘memory safety’ features which it’s felt offer an extra degree of robustness in protecting this critical system command.

Sudo’s original maintainer for the past 30 years, Todd Miller, offered “advice and guidance” to the developers who’ve building this Rust-based replacement, which is encouraging.

What does the change mean for you?

Don’t panic thinking you will need to unpick years of learned muscle memory and learn to type sudo-rs, as you won’t.

The sudo command itself is not changing in Ubuntu, only the language that sudo is programmed in.

In Ubuntu 25.10 and later, you still run sudo, but it is now linked to sudo-rs. You keep using sudo the way you always have, but is running sudo-rs behind the scenes.

To make the transition happen, Canonical has supported work to ensure the new version supports:

  • Coarse-grained shell escape prevention (NOEXEC)
  • Controlling AppArmor profiles
  • Using sudoedit
  • Work in pre-Linux 5.9 kernels (like Ubuntu 20.04 LTS)

More features and capabilities are planned in the coming months, including changes to aid the transition to a Rust-based sudo in enterprise situations by adding support for SELinux, sudoreplay and ensuring cross-platform compatibility.

But heavy users – those making scripts and workflows based around sudo – should note that the new version is not aiming to be a 1:1 reimplementation of the old version.

The command is still just sudo – you don’t need to learn any new commands!

Lesser-used features of the legacy C-based sudo will not be implemented in the Rust-based rewrite, as its developers opt to take what they describe as a “less is more approach”.

Ubuntu has pledged to keep the original sudo in the archives (including in 26.04 LTS). If you who want (or need) to swap back, you can do so by installing the sudo-ws package.

Ultimately, the purpose of the swap is to make sudo more secure.

Making the switch in Ubuntu 25.10 means there’s time for users to try it out1 in real-world scenarios to ensure feedback lands early enough to improve sudo-rs for its use in next year’s Ubuntu 26.04 LTS release, which will receive support from Canonical for 10+ years.

Why Rewrite Sudo in Rust?

The Rust programming language is everywhere in open-source software right now, being used to create everything from terminal-based tools to complex GUI apps, from simple Linux kernel subsystems through to full-blown drivers.

But why is it so in vogue?

Rust is billed as a “memory safe language” because it applies strict checks at compile time (rather than runtime) to ensure each piece of memory is used correctly. This means it can catch errors before they happen — errors which could be exploited by attackers.

Specifically—I’m cribbing from Wikipedia here as I’m not a developer—Rust prevents buffer overflow (where more data is stored in memory than it can handle, causing it to spill over) and use-after-free (where a programme tries to access freed memory).

Both of those are not just theoretical security vectors either, but proven ones.

Better security transcends trends

If the hard-to-avoid hype around Rust is justified will, ultimately, be for time to decide. Trendiness or technical acuity is moot to my mind. If Rust encourages more people to learn, build and contribute to open-source, that’s welcome by me.

So is Ubuntu’s adoption of sudo-rs.

As sudo is one of the most critical commands on any Linux distro, so any attempt at making it more secure, reliable and hardened against faults, errors, and security threats is the right one.

  1. You can install sudo-rs in Ubuntu 25.04 from the repos, albeit an older version lacking the improvements on offer in the 25.10 build. Run sudo apt install rust-sudo-rs to get it. Don’t set up an alias until you’ve tested it does everything you need. ↩︎