Canonical's security audit of uutils coreutils revealed 113 issues, including 44 CVEs, leading them to retain GNU versions of 'cp', 'mv', and 'rm' in Ubuntu 26.04. The audit, conducted by Zellic, found critical TOCTOU race conditions and permission vulnerabilities, though most issues have been addressed. The findings highlight ongoing security challenges in Rust-based reimplementations of core Unix utilities.
Background
uutils is a Rust-based reimplementation of GNU coreutils, which are fundamental command-line tools for Unix-like operating systems. Canonical had been considering replacing GNU coreutils with uutils in Ubuntu due to its memory safety advantages.
- Source
- Lobsters
- Published
- May 5, 2026 at 03:41 AM
- Score
- 7.0 / 10