rudo 0.8.8

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate `rudo`

Dependencies

(9 total, 5 outdated, 1 insecure)

Crate	Required	Latest	Status
clap	`^2.33`	`4.5.40`	out of date
libc	`^0.2`	`0.2.174`	up to date
log	`^0.4`	`0.4.27`	up to date
oslog	`^0.1`	`0.2.0`	out of date
pam-client	`^0.2`	`0.5.0`	out of date
serde	`^1.0`	`1.0.219`	up to date
serde_yaml	`^0.8.4`	`0.9.34+deprecated`	out of date
systemd	`^0.9`	`0.10.0`	out of date
users ⚠️	`^0.11`	`0.11.0`	insecure

Security Vulnerabilities

`users`: `root` appended to group listings

RUSTSEC-2025-0040

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups.

This affects both:

The supplementary groups of a user
The group access list of the current process

If the caller uses this information for access control, this may lead to privilege escalation.

This crate is not currently maintained, so a patched version is not available.

Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.

Recommended alternatives

uzers (an actively maintained fork of the users crate)
sysinfo