| Headlines |
| 2026-05-04 |
A comparison of GNU coreutils vs Rust coreutils |
 |
When Canonical launched Ubuntu 25.10 and, more recently, 26.04, the company shipped an alternative to the GNU coreutils package. The GNU coreutils package includes low-level userland utilities such as mv (move) and cp (copy). These GNU utilities are written in the C programming language. Canonical has replace these programs with alternatives written in the Rust language. The idea behind the replacements is Rust is a "memory safe" language, which avoids common security issues. The problem, as some people have pointed out, is that the GNU coreutils programs have been around for decades and probably don't include any memory-related bugs at this stage in their development. What they do include, as Collin Funk has pointed out, is hard-won wisdom which has removed a lot of potential bugs that are not related to memory issues. Collin points out that many of the new Rust utilities include race conditions, logic errors, or permission problems which can be exploited, but which have long been addressed in the GNU versions of the programs.
"Canonical posted an update about their decision to switch to uutils reimplementation of GNU coreutils. In it, they detail the audit performed by Zellic, which found 113 issues, 44 of which were assigned CVEs. They go on to explain that as a result of TOCTOU races, they have decided to continue using GNU 'cp', 'mv', and 'rm' in Ubuntu 26.04.
Canonical highlights in bold text that 'the vast majority of issues have been addressed and resolved'. Sadly, they do not go into any more detail about which issues still remain unsolved. From my quick skim over them, the CVEs affected version fields do not seem 100% accurate.
I did not get a chance to check all of them, but here are three that I was surprised to notice in a fully up-to-date Ubuntu 26.04 install...."
An overview of the problems and a comparison between the new Rust tools and their GNU equivalents can be found in this mailing list post.
|
More headlines from this project
Back to News
|
|
| TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite
Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
| Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|
• 
• 
• 
• 
• 
• 
• 
bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx 
lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr 
86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le