This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate rudo

Dependencies

(9 total, 5 outdated, 1 insecure)

CrateRequiredLatestStatus
 clap^2.334.5.40out of date
 libc^0.20.2.174up to date
 log^0.40.4.27up to date
 oslog^0.10.2.0out of date
 pam-client^0.20.5.0out of date
 serde^1.01.0.219up to date
 serde_yaml^0.8.40.9.34+deprecatedout of date
 systemd^0.90.10.0out of date
 users ⚠️^0.110.11.0insecure

Security Vulnerabilities

users: `root` appended to group listings

RUSTSEC-2025-0040

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups.

This affects both:

  • The supplementary groups of a user
  • The group access list of the current process

If the caller uses this information for access control, this may lead to privilege escalation.

This crate is not currently maintained, so a patched version is not available.

Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.

Recommended alternatives

  • uzers (an actively maintained fork of the users crate)
  • sysinfo