(essay) by wertperch Sun Jun 01 2025 at 19:40:46

An Ubuntu-led rewrite of the coreutils in Rust


"…while performance is one of the cited reasons for undertaking this effort, the biggest reason is, of course, security…"
OS News


Uutils is an ambitious project that to rewrite the classic *coreutils* package in the Rust language. The goal of uutils is supposedly to offer a safer, more efficient, and Rust-idiomatic implementation of these widely-used tools. Built with the language's emphasis on memory safety and performance, uutils aims to provide developers and system administrators with a modern alternative to the traditional coreutils, while ensuring compatibility with existing Unix-like systems. This initiative not only enhances the robustness of command-line utilities but also contributes to the broader Rust ecosystem by showcasing the language's practical applications in systems programming.

This is part of a trend that, while i was initially quite happy to see, has now descended into the territory of "I'm not sure how to feel about this". Part of the growing "write it in Rust movement is the rewriting of the linux coreutils, those tools and applications central to the Linux OS ecosystem. Performance and security are a big part of any operating system; a user wants their system to be performant and safe. Any application should take care of the data entrusted to it, and this has been part of the rationale behind the move toward more Rust in Linux.

Now that Rust is slowly moving into the kernel, many developers have started to rewrite some of the user-facing programs, often including new functionality, (zoxide, and bat being just two examples of this enhanced utility. Increasingly, Linux "influencers" are singing the praises of these programs, citing not just their stability and safety, but the enhanced features they offer. We in turn try out these new tools, become enamoured of them and incorporate them into our workflow and scripts, and subconsciously accept not only that Rust is here to stay, but that it represents a leap forward in utility. This subtle acceptance of a "Rust utilities must be better" philosophy has seemingly led to the move to replace all the things with Rust tools. i've noticed this in myself, having tried tools like fzf, ripgrep] and zoxide, and you'd think that i'd be happy to see Ubuntu taking the lead by overseeing this project. But i have had an epiphany, and it's connected with one of the more crucial aspects of coreutils, the sudo command. Yes, as part of the process of oxidation, sudo-rs will be replacing plain sudo in Ubuntu Linux from Ubuntu 25.10 onward, which means October this year.

It is, to my mind, difficult to see how utilities such as chmod or chown will benefit from either speed or memory safety in this rewrite. so many of these utilities are as fast as hey eed to be already, and have been used by millions for so long that it's hard to see the benefit of the exercise.

This worries me. Taking sudo and rewriting it seems like work for work's sake. Sudo is a veteran, battle-hardened utility, developed in the 1980s and a vital part of BSD and Linux distributions for decades. My concern is that any current testing tools will likely miss bugs in the new utility, leading to potential vulnerabilities in a system. Everyone knows sudo, knows how to use it, understands its strengths and weaknesses, relies on it for protection, trusts it. This can hardly be said of the upstart sudo-rs, which is of concern to any Linux user. I worry that Ubuntu are making a mistake; not that Rust itself is the mistake, but that they are forcing Uutils on their users and perhaps rushing into things. i worry that this is the camel's nose, and soon the whole tent will be full of Rust, and untested utilities.

Perhaps I'm worrying too much, but I fear that this is a move made too fast. Is there a need for a coreutils rewrite? I doubt it; as I say, these utilities have been tested on the battlefield and this looks like a rewrite for its own sake. It's not like these tools are broken, rather they've been refined and honed over decades of use. I'm happy with the tools I've tried so far, but they are hardly critical aspects of my system. Sudo is, and it feels like Ubuntu is doing a Microsoft, telling us this untested change is for our own good. I can only hope that I'm wrong about this move, and that there are no serious repercussions.

i am not alone in feeling this way, many far more experienced and knowledgable than i have voiced concerns:

'Security is an extremely weird argument to make here, as none of them talk to the network. But as every rewrite, this will introduce new logic bugs – potentially some that result in you losing all your files because mv or rm behave slightly differently than a script expects (or even cp not creating the copy you expect correctly). These tools all already exist, they don’t gain many new features, the code has been battle tested over decades. Replacing it with something new and almost certainly not 100% compatible that also hasn’t been battle tested for decades is just a terrible idea and nothing else. I wonder if the true motivation here is that the person is one of the followers of the “All code needs to be rewritten in Rust, no matter whether it makes sense or not” cult and he just wants to push more Rust code into everything.' ¹
—'js'



¹
https://www.osnews.com/story/141908/ubuntu-to-replace-classic-coreutils-and-more-with-new-rust-based-alternatives/
Uutils website 


$ xclip -o | wc -w
839

Page category:

I like it!