Creating memory-safe replacement for GNU coreutils

Key facts

Investment Amount
Investment Year(s)

The coreutils are a set of programs installed by default on most Unix systems. Among the coreutils are commonly used programs providing basic functionality for interfacing with the operating system such as ls, cp, head, tail, cat, mkdir, touch, wc, and many others. These utilities are often used in scripts, a set of instructions for an operating system or program, where it is crucial that they function as expected. If the output of these core utilities is different than expected, these might lead to errors when executing the script. The uutils coreutils provide a common interface to these utilities across platforms.

By rewriting critical components, specifically the GNU coreutils, in Rust—a memory-safe language—the project mitigates potential security risks associated with the use of the C programming language. This transition enhances the overall security, stability, and reliability of the modern operating system.

The initiative is significant because it minimizes the risk of exploitation on machines operating numerous public services. Additionally, the project has been able to attract more contributors by adopting Rust, a language gaining popularity among software engineers.

The project is led by an experienced Debian maintainer collaborating with Rust experts. While this work initially focuses on Debian and Ubuntu, it supports many other operating systems like Mac OS X, Windows, FreeBSD, OpenBSD, Android, and Redox.

Why is this important?

Transitioning critical components to a memory-safe language, mitigates common vulnerabilities that often lead to serious security issues in Debian, Ubuntu, and the broader ecosystem of Linux distributions. This is crucial in safeguarding the integrity of systems that operate a diverse range of public services, reducing the potential for exploitation, and ensuring the stability and reliability of systems that use these components.

Moreover, the project is aligned with the evolving landscape of programming languages and developer preferences. The choice of Rust not only addresses security concerns but also reflects a broader industry trend like with Firefox, the Linux kernel, Android, etc. As Rust gains popularity among engineers, the project serves as an attractive opportunity to draw new contributors into the community. This influx of contributors can lead to increased collaboration, a broader skill set within the community, and a more sustainable and resilient development ecosystem.

What are we funding?

The STF is commissioning work to enhance Linux's security and functionality by seamlessly replacing critical utilities that are part of GNU Coreutils with memory-safe implementations in Rust.

  1. File Management Utilities
    • Compatibility for widely used commands such as ls and mv, ensuring a seamless transition for users.
    • Ensure compatibility for essential file management utilities, including chown, cp, install, mkdir, rm, and touch.
  2. Display and Formatting Utilities
    • Compatibility for critical display and formatting utilities like df, du, fmt, printf, stat, tail, and wc.
    • Enhanced system monitoring and data presentation capabilities, providing users with efficient tools for analysis.
  3. Additional Utilities
    • Compatibility for other utilities like cut, date, and seq, offering users a comprehensive toolset for data manipulation and time management.
  4. Custom Argument Parser Development
    • Implement a custom argument parser emulating GNU parsing behavior, reducing code complexity and enhancing maintainability.
    • Ongoing development to implement missing features and integrate them into Coreutils.
  5. Maintenance and Bug Fixes
    • Conduct continuous maintenance and bug fixes to ensure stability and reliability of Rust Coreutils.
    • Address open bug reports, implement fixes based on user feedback, and maintain high performance through ongoing optimizations.

More technologies

All technologies