Security issues discovered in sudo-rs

Rust sudo patched after password leak scare; comments split on blame

TLDR: Debian patched sudo-rs after bugs could expose parts of passwords and let some configurations skip checks. Commenters split between “human error, not Rust” and demands for patch details, highlighting that trust in core security tools is fragile—and updates need to land fast.

Debian rang the alarm bell: two flaws were found in sudo-rs, the Rust-made version of the tool that lets you run admin commands. The scary bits? On some systems, part of your password could be seen as you typed, and certain setups might slip past an authorization check. Debian says it’s fixed in stable (Trixie) with version 0.2.5-5+deb13u1. If you’re running it, update now and check the security tracker for details. That’s the news. But the comments? That’s the show.

First on stage, portmanteaufu played the helpful hero: “To save everyone a click,” they pasted the guts of the advisory, instantly becoming the thread’s unofficial stenographer. Then wiz21c lit the fuse with the line heard ’round the language wars: “It’s just programming errors, nothing to do with Rust.” Cue the classic split: one side insists Rust can’t fix logic mistakes, the other side mutters that no language is magic and security tools must earn trust. Meanwhile, _flux showed up with the engineer energy: “What were the actual fixes like?” Translation: show us the code, not just the headline. The mood: update first, debate forever. Between the password-peek panic and the “auth bypass” spook, the meme machine revved (“sudo? more like pseudo”), but the takeaway stayed sober—patch now, then argue about whether Rust’s halo is a little crooked. More info at Debian Security.

Key Points

  • Debian issued Security Advisory DSA-6052-1 for rust-sudo-rs on November 11, 2025.
  • Two security issues could expose partially typed passwords locally or allow authentication bypass in some targetpw/rootpw setups.
  • For Debian stable (trixie), the issues are fixed in rust-sudo-rs version 0.2.5-5+deb13u1.
  • CVE identifiers for these issues were not yet available at the time of the advisory.
  • Debian recommends users upgrade rust-sudo-rs and provides tracking via its security tracker page.
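The practical follow-up to the advisory is checking whether the installed rust-sudo-rs is at or above the fixed version. The block below is an added example, not code from this page, from Debian or from the sudo-rs project: it re-implements dpkg's version-ordering rules (epoch, upstream version, Debian revision; `~` sorts before everything, letters before non-letters, digit runs compare numerically) in Python and classifies packages from `dpkg-query -W -f='${Package} ${Version}\n'` style output. The fixed version string 0.2.5-5+deb13u1 is the one quoted above; the sample dpkg output and the other version strings are constructed for illustration. On a real Debian host, `dpkg --compare-versions` is the authoritative check; this version is handy when you are reading package inventories collected from many hosts.

```python
"""Classify installed Debian packages against advisory-fixed versions.

Version ordering follows dpkg's rules. FIXED holds the version quoted in
DSA-6052-1; SAMPLE_DPKG_OUTPUT is constructed for this example and is not a
real host's inventory.
"""
import sys

# Package -> first fixed version, as stated in the advisory summarised above.
FIXED = {"rust-sudo-rs": "0.2.5-5+deb13u1"}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_DPKG_OUTPUT = """\
example-lib 1.4-2
rust-sudo-rs 0.2.5-5
other-tool 3.0.1-1
"""


def _order(c: str) -> int:
    """Weight of one character in the non-digit comparison (dpkg's order())."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1          # tilde sorts before anything, even end of string
    return ord(c) + 256    # other punctuation sorts after all letters


def _fragment_cmp(a: str, b: str) -> int:
    """Compare an upstream-version or revision fragment the way dpkg does."""
    def ch(s: str, k: int) -> str:
        return s[k] if k < len(s) else ""

    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Leading run of non-digits: lexical comparison with dpkg's weights.
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            ac, bc = _order(ch(a, i)), _order(ch(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Run of digits: drop leading zeros, then compare numerically.
        while ch(a, i) == "0":
            i += 1
        while ch(b, j) == "0":
            j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if ch(a, i).isdigit():   # a has more digits, so it is the larger number
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split 'epoch:upstream-revision' into its parts; epoch 0 and an empty
    revision are assumed when absent (dpkg treats a missing revision as 0)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def deb_version_cmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _fragment_cmp(ua, ub) or _fragment_cmp(ra, rb)
    return (r > 0) - (r < 0)


def is_fixed(installed: str, fixed: str) -> bool:
    return deb_version_cmp(installed, fixed) >= 0


def audit(dpkg_output: str, fixed: dict = FIXED) -> dict:
    """Map each tracked package to 'fixed', 'vulnerable' or 'not installed'."""
    installed = {}
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) == 2:
            installed[parts[0]] = parts[1]
    return {
        pkg: "not installed" if pkg not in installed
        else "fixed" if is_fixed(installed[pkg], ver)
        else "vulnerable"
        for pkg, ver in fixed.items()
    }


if __name__ == "__main__":
    # Pipe real dpkg-query output on stdin; otherwise use the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DPKG_OUTPUT
    for pkg, status in audit(data).items():
        print(f"{pkg}: {status}")
```

Run it as `dpkg-query -W -f='${Package} ${Version}\n' | python3 check_sudo_rs.py` on a Debian host, or with no input to see the constructed sample classified as vulnerable (0.2.5-5 sorts before 0.2.5-5+deb13u1 because the end of the revision string compares lower than `+`). The same ordering makes a backport such as 0.2.5-5~bpo12+1 sort before 0.2.5-5, which matters when the inventory mixes suites.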

Hottest takes

"To save everyone a click" — portmanteaufu
"As far as I can see, it's just programming errors, nothing to do with Rust." — wiz21c
"What were the actual fixes like?" — _flux
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.