Sudo’s maintainer needs resources to keep utility updated • The Register
It’s hard to imagine something as fundamental to computing as the sudo command becoming abandonware, yet here we are: its solitary maintainer is asking for help to keep the project alive.
It’s a common trope in the open-source computing community that a small number of solitary maintainers do a disproportionate amount of work keeping critical software going, often with little recognition or support. Ubuntu Unity and the NGINX Ingress Controller are just two examples we’ve covered in recent months, and now we can add another, far more critical one to the mix.
Sudo, for those not familiar with Unix systems, is a command-line utility that allows authorized users to run specific commands as another user, typically the superuser, under tightly controlled policy rules. It is a foundational component of Unix and Linux systems: without tools like sudo, administrators would be forced to rely more heavily on direct root logins or broader privilege escalation mechanisms, increasing both operational risk and attack surface.
“For the past 30+ years I’ve been the maintainer of sudo,” developer Todd C. Miller notes on his personal webpage. “I’m currently in search of a sponsor to fund continued sudo maintenance and development. If you or your organization is interested in sponsoring sudo, please let me know.”
Miller has been maintaining sudo since 1993. According to sudo’s website, Miller’s former employer, Quest Software, served as sudo’s sponsor beginning in 2010, but its sponsorship of sudo ended in February 2024, which coincides with Miller’s departure from Quest subsidiary One Identity.
Archived copies of Miller’s website suggest he’s been looking for a sudo patron since then.
That said, sudo updates haven’t dried up since then, with plenty of updates released since February 2024 according to sudo’s changelog, so Miller is clearly still working on it – and it definitely still needs updates.
A number of security issues in sudo in recent years have needed patching, like a heap buffer overflow bug identified in 2021 that let any local user gain root-level privileges despite their account not being allowed to run sudo commands. The bug had been present for more than a decade, security researchers noted at the time.
Memory issues have been a common problem for sudo, which has led to the development of sudo-rs, a reinvention of the utility built in Rust, which should make it memory safe and reduce Linux systems’ attack surfaces. Ubuntu switched to sudo-rs as the default sudo implementation with the release of Ubuntu 25.10 in October 2025.
Whether sudo will cede more ground to sudo-rs may in part have to do with whether Miller finds a sponsor to fund continued development of the utility. The Sudo Project has a number of individual sponsors on Github, but given the message on Miller’s site remains up two years after he posted it, those individuals likely aren’t footing enough of the bill to let him continue to invest time and energy into the project ad infinitum, just like so many other open source maintainers and developers also in his shoes.
We reached out to Miller with questions on sudo’s future, but didn’t hear back. ®
