A major foundational change will be hiding beneath all the eye-catching new features in Ubuntu 25.10 ‘Questing Quokka’ when it’s released on October 9: a new and improved version of sudo written in Rust.

As I’m sure you’re all aware, the sudo command lets you run apps, tools and utilities with root or superuser security privileges (sudo being a portmanteau of ‘superuser do’) on Linux. It’s arguably the one Linux command everyone knows.

Currently, the sudo command in Ubuntu is written in C. But Ubuntu 25.10 will default to a new version of sudo written in Rust: sudo-rs.

Why is Ubuntu Using sudo-rs?

The sudo-rs project is developed by Trifecta Tech Foundation who announced the news earlier this month. They say they’re ‘excited’ to see Ubuntu “committing to using sudo-rs and using its role to push adoption of Rust in systems programming”.

Why do this? To improve the security of the sudo command – the most critical command on Linux

Canonical’s Jon Seager, VP Engineering adds the company is “delighted to be investing in critical, low-level software utilities [and] by choosing to adopt sudo-rs I hope to accelerate the path to wider adoption across the Linux ecosystem”.

The change is being made with an aim to improving the security of the sudo command, thanks to the Rust programming languages built-in ‘memory safety’ features.

Of note, the original maintainer of sudo for the past 30 years, Todd Miller, has provided “advice and guidance” to the teams who’ve been working on this Rust-based replacement — encouraging!

What does this mean for you?

Don’t panic thinking you will now need to unpick years of learned muscle memory typing sudo and instead have to type sudo-rs: you won’t.

The command to run sudo is not changing, only the language sudo is programmed in. You still run sudo in Ubuntu 25.10, and when you do it now use sudo-rs.

To make the transition happen, Canonical has supported work to flesh the new version out with:

  • Coarse-grained shell escape prevention (NOEXEC)
  • Controlling AppArmor profiles
  • Being able to use sudoedit
  • Work in pre-Linux 5.9 kernels (like Ubuntu 20.04 LTS)

Further features and capabilities are planned, with changes to aid the transition to the Rust-based sudo in enterprise situations by adding support for SELinux, supporting sudoreplay, adding cross-platform compatibility, and beyond.

One thing to note is that sudo-rs is not aiming to be a 1:1 reimplementation.

The command will remain sudo, so you won’t need to fight muscle memory!

A few minor or lesser-used features of the old C-based sudo will not be implemented in this Rust-based alternative as the developers are taking what they described as a “less is more approach”.

Ubuntu has pledged to keep the original sudo in the archives (including beyond 26.04 LTS) so those who want (or need) to swap back, can do so.

Ultimately, the aim is to make a better and more secure sudo with as no real disruption to end-users.

By making this switch in Ubuntu 25.10, there’s time for users to try it out1, test it in real-world scenarios, and provide feedback to help improve sudo-rs further ahead of inclusion in next year’s Ubuntu 26.04 LTS release, which gets support from Canonical for 10+ years.

Why Rewrite Sudo in Rust?

The Rust programming language is everywhere in open-source software right now, being used to create everything from terminal-based tools to complex GUI apps, from simple Linux kernel subsystems through to full-blown drivers.

But why is it so in vogue?

Rust is billed as a “memory safe language” because it applies strict checks at compile time (rather than runtime) to ensure each piece of memory is used correctly. This means it can catch errors before they happen — errors which could be exploited by attackers.

Specifically—I’m cribbing from Wikipedia here as I’m not a developer—Rust prevents buffer overflow (where more data is stored in memory than it can handle, causing it to spill over) and use-after-free (where a programme tries to access freed memory).

Both of those are not just theoretical security vectors either, but proven ones.

Better security transcends trends

Whether the hard-to-avoid hype around Rust is justified is, ultimately, for time to decide. Technical acuity is all well and good, but any language that encourages more people to learn, build and contribute to open-source is welcome by me.

As is Ubuntu’s adoption of sudo-rs — sudo is one of the most critical commands on any Linux distro, so any attempt at making it more secure, reliable and hardened against faults, errors, and security threats is the right one.

  1. You can install sudo-rs in Ubuntu 25.04 from the repos, albeit an older version lacking the improvements on offer in the 25.10 build. Run sudo apt install rust-sudo-rs to get it. Don’t set up an alias until you’ve tested it does everything you need. ↩︎