heise PlusAbo

Rust Coreutils 0.9.0: less unsafe, more speed

After an audit by Zellic, uutils/coreutils 0.9.0 fixes numerous TOCTOU flaws, reduces unsafe code, and speeds up I/O via zero-copy.

listen Print view
A red crab holds tools in its claws in front of a circuit board

(Image: Moritz Förster / KI / iX)

5 min. read
iX Magazin
By
Contents

The developers of uutils/coreutils have released version 0.9.0 of their Rust re-implementation of the GNU Core Utilities. The release primarily brings security improvements after an external audit, less unsafe code, and faster I/O paths through zero-copy methods. Additionally, the new version expands support for WebAssembly, Windows, and Cygwin.

uutils/coreutils re-implements the classic GNU Core Utilities in Rust. The project provides numerous standard tools from Unix and Linux systems, including ls, cp, mv, rm, cat, and sort. The goal is to achieve the highest possible compatibility with the GNU counterparts, while simultaneously offering better memory safety and maintainability through Rust.

Security Audit Uncovers TOCTOU Vulnerabilities

The focus of the release is on security improvements stemming from an audit by the company Zellic. The auditors primarily found TOCTOU (Time of Check, Time of Use) vulnerabilities and issues with edge cases in the file system. TOCTOU flaws are race conditions: the state of a file can change between a check and its actual use – and this gap can be exploited.

The maintainers emphasize that the 44 CVEs assigned do not describe classic memory errors. Rather, the audit uncovered behavioral differences compared to GNU Coreutils that can become security-relevant in certain situations. According to the project, version 0.9.0 addresses a large portion of these findings.

To this end, the project introduces a new module called uucore::safe_copy, which secures copy operations against TOCTOU attacks. The recursive operations of cp, mv, and chmod also receive corresponding protective mechanisms. rm handles problematic path specifications like . and .. more robustly. nohup now creates the file nohup.out with the restrictive access rights 0600. And chroot resolves user and group IDs before switching to the new root environment.

Less Unsafe Code, Switch to rustix

In parallel, the team continues to reduce the amount of unsafe code. Numerous parts in tools, tests, and shared libraries now function without unsafe memory or system access. In many areas, the project also replaces the previously used libraries nix and libc with rustix. This provides system calls via more strongly typed Rust interfaces, thus avoiding a range of typical error sources. The transition affects, among others, id, tr, timeout, sort, wc, tail, cp, and who.

New zero-copy data paths under Linux provide increased speed. Several tools now increasingly use the syscalls splice(), tee(), and pipe() to transfer data directly between kernel buffers. Since the data no longer travels through the process's address space, memory accesses and CPU load are reduced. Tools expected to benefit include cat, wc, head, tail, cp, tee, yes, and unexpand. For unexpand, the developers cite a speed increase of around 7.5 percent. cp and tee also work noticeably faster when processing pipe data.

Videos by heise

GNU Compatibility: New Reference, More Tests

The project continues to work intensively on GNU compatibility. The reference is now GNU Coreutils 9.11 instead of 9.10. The number of failing tests in the GNU test suite increases from 21 to 56 – however, according to the project, without regressions. The reason lies in 25 new tests added by GNU to the suite, which uutils does not yet fully pass. Further compatibility corrections concern numfmt, date, tr, cksum, factor, head, stat, and sort.

The changes to numfmt are particularly extensive. The tool now formats numerical values more precisely, rejects scientific notation, and respects the locale setting LC_NUMERIC for the decimal separator. Additionally, there are adjustments in rounding, signs, and the processing of multi-byte suffixes.

ls also receives several corrections and enhancements. These relate to symbolic links, version sorting, and recursive directory listing. Furthermore, the developers have refactored the code so that other programs can integrate ls as a library without necessarily redirecting its output to standard output. As an example, the project cites the shell Nushell.

More Platforms, More Locales

Version 0.9.0 also improves platform support. The tools ln, dd, mktemp, and tty now also run under the WebAssembly System Interface (WASI), which allows WebAssembly applications standardized access to operating system functions outside the browser. Additionally, the developers are improving support for Windows, MSYS2, and Cygwin, and continue to work on porting to OpenBSD. Finally, numfmt and du now also consider regional settings for the decimal separator via LC_NUMERIC.

All details about the update can be found in the Release Notes on the GitHub project page.

Read also

(fo)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten