An independent security audit of the uutils/coreutils project (a GNU coreutils rewrite in pure-safe-memory-safe-rust) commissioned by canonical uncovered 113 issues including 70 CVEs. Ubuntu 26.04 LTS ships with rust-coreutils 0.8 with most fixes applied, but cp, mv, and rm still fall back to GNU coreutils due to unresolved time-of-check-to-time-of-use (toctou) race conditions. Ubuntu 26.10 targets 100% rust coreutils once those remaining issues are resolved.
Sort: