Rust Coreutils 0.9 Released: Enhanced Security and Zero-Copy I/O Implementation

The latest version of the Rust-based reimplementation project for GNU Coreutils, “Rust Coreutils,” has been officially released as version 0.9 on May 30, 2026. This release highlights significant security enhancements based on a third-party audit and the introduction of zero-copy I/O.

What is Rust Coreutils?

Rust Coreutils is an ambitious open-source project aimed at reimplementing the essential command line utilities that form the backbone of Linux systems (such as cp, mv, ls, cat, rm, and dozens more) using the Rust programming language instead of C. Traditional GNU Coreutils, developed in C over many years, has faced challenges related to memory safety, including vulnerabilities like buffer overflows and undefined behaviors. Rust, with its ownership system enforced at compile-time, ensures memory safety and has the potential to address these issues fundamentally. The goal of Rust Coreutils is to provide a safer alternative while maintaining compatibility with GNU Coreutils.

Background of Security Enhancements The

security enhancements in version 0.9 are no accident. Canonical, as part of its efforts to integrate Rust Coreutils into Ubuntu, funded a third-party security audit. Based on the audit findings, substantial improvements were made across the entire codebase. Specifically, multiple security issues identified during the audit were addressed, and the overall robustness of the code was enhanced. Of particular note is the reduction in the use of “unsafe” code blocks in Rust. In Rust, “unsafe” blocks bypass the compiler’s safety checks, making them more prone to bugs and vulnerabilities. Version 0.9 places a strong emphasis on minimizing the use of “unsafe” code, thereby maximizing the language’s inherent safety benefits.

Canonical’s Strategy for Ubuntu 26.10

Canonical’s active financial support of this project is tied to its clear goal: full adoption of Rust Coreutils in Ubuntu 26.10, set for release in late 2026. If one of the largest Linux distributions, Ubuntu, officially adopts Rust Coreutils, it would be a significant milestone for the Rust ecosystem as a whole. Replacing foundational system commands with Rust-based alternatives is expected to not only reduce the risk of security incidents but also demonstrate the practicality and reliability of Rust to the broader industry.

Introduction of Zero-Copy I/O Another major

update in version 0.9 is the implementation of zero-copy I/O for the splice, tee, and pipe commands. Zero-copy I/O is a method of transferring data between the kernel and user space without copying data in memory, instead passing buffer pointers. This approach significantly reduces CPU load and memory bandwidth consumption when handling large volumes of data. The pipe command, in particular, is used extensively in Linux systems, so its performance improvements could have a positive impact on the overall system responsiveness. Similarly, splice and tee, which are essential for data relaying and distribution, stand to benefit greatly from zero-copy optimization.

Test Suite Pass Rate Considerations Rust

Coreutils 0.9 has achieved a pass rate of 90.4% on the GNU test suite. While this is a drop from version 0.8’s 94.7% pass rate, it is not indicative of a decline in quality. The primary reason for the lower pass rate is the expansion of the test suite, which now includes more test cases, covering previously untested areas and revealing failures that had not been detected before. It is important to note that the quality of the Rust Coreutils codebase itself has not deteriorated. Nonetheless, addressing the remaining 10% of test failures will be a key focus for the development team moving forward.

Expanding Support for WebAssembly and Windows

In addition to security and performance improvements, version 0.9 also expands platform compatibility. Support for WebAssembly, Cygwin, and Windows has been enhanced, broadening the applicability of Rust Coreutils beyond Linux. WebAssembly support, for example, could enable Unix-like commands to be executed in browser-based environments, making it useful for cloud-based development and educational purposes. Similarly, improved Windows compatibility enhances convenience in cross-platform development scenarios.

The Trend of Reimplementing System Software

in Rust The progress of Rust Coreutils can be seen as part of a broader industry trend. Recent developments, including the introduction of Rust code into the Linux kernel and the release of “sudo-rs,” a Rust-based implementation of the sudo command, illustrate the growing adoption of Rust for system software development. As memory safety vulnerabilities remain a significant challenge in software security, the movement to replace legacy C code with Rust is likely to gain further momentum. The release of Rust Coreutils 0.9 is a key milestone in this trend. If fully adopted in Ubuntu 26.10, Rust Coreutils will transition from an experimental project to a standard component of a major distribution, decisively reinforcing Rust’s position in the open-source community.