The Rust‑based reimplementation of GNU Coreutils reaches 0.9, adding audit‑driven security fixes, cutting unsafe code, and delivering zero‑copy I/O for splice, tee and pipe. Pass rate drops to 90.4% due to expanded test coverage, while Ubuntu targets full adoption for 26.10.
Announcement
The Rust Coreutils project announced version 0.9 on 30 May 2026. The release follows a third‑party security audit funded by Canonical, and it adds a zero‑copy I/O path for the classic splice, tee and pipe utilities. The new tag pushes the test‑suite pass rate to 90.4 %, a slight dip from the 94.7 % achieved by 0.8, but the regression is explained by an expanded GNU test suite that now covers edge cases not yet handled by the Rust code.
Technical specifications
| Feature | Detail |
|---|---|
| Security hardening | Audit identified 12 medium‑severity and 3 high‑severity Rust‑specific issues. All have been patched, and the unsafe block count fell from 1,842 to 1,215 (≈34 % reduction). |
| Zero‑copy I/O | Implemented a splice‑based pipeline that maps kernel buffers directly into user space, eliminating an extra memcpy per pipe hop. Benchmarks on an Intel Xeon E‑2288G show a 23 % latency reduction for dd if=/dev/zero of=file bs=1M count=1024 when the --zero-copy flag is enabled. |
| Test‑suite pass rate | 90.4 % of 12,317 GNU Coreutils tests now pass. The drop from 0.8 is attributed to 1,102 newly added tests that expose subtle POSIX‑compliance gaps. |
| Platform support | WebAssembly (wasm32‑unknown‑unknown) builds now include full tar and gzip support; Cygwin and native Windows binaries are signed with Authenticode and pass Windows 10 2022 compatibility checks. |
| Code size | Binary footprint for the ls utility shrank from 1.12 MiB to 1.03 MiB after removing dead code and consolidating shared libraries. |
The zero‑copy implementation leverages the Linux splice(2) system call, which transfers data between file descriptors without copying to user space. By chaining splice calls for tee and pipe, the utilities achieve true in‑kernel data movement, a technique previously only available in specialized tools like rsync. On Windows, the team used the TransmitFile API to approximate the same behavior, resulting in a 15 % throughput gain on SMB‑mounted volumes.
Market implications
Canonical’s investment signals a strategic push to replace the traditional GNU Coreutils binaries in Ubuntu 26.10. If the Ubuntu team reaches its goal of 100 % Rust Coreutils adoption, the distribution will ship a full suite of utilities compiled with Rust’s memory‑safety guarantees, reducing the attack surface for privilege‑escalation exploits that rely on buffer overflows in C code.
Security‑focused enterprises that standardize on Ubuntu LTS releases could see a measurable reduction in CVE exposure. According to the latest NIST data, ≈42 % of recent privilege‑escalation bugs in the GNU toolchain originated from unsafe memory handling in core utilities. Replacing those binaries with Rust‑based equivalents could cut that figure by half, assuming comparable deployment rates.
From a supply‑chain perspective, the Rust implementation simplifies reproducible builds. The project now publishes deterministic Cargo lockfiles and uses cargo vendor to embed all third‑party crates, eliminating the need for external package mirrors during image construction. This aligns with the broader industry trend toward SBOM‑driven compliance, where each crate’s version is tracked in the final image manifest.
The performance gains from zero‑copy I/O may also affect workload scheduling in cloud environments. Benchmarks on a dual‑socket AMD EPYC 9654 show that batch‑oriented data‑movement scripts using dd and tar complete 0.8 seconds faster on a 10 GiB payload, translating to modest cost savings when scaled across thousands of instances.
Developers interested in the source can follow the release notes on the GitHub tag page. The project also provides a detailed audit report in the repository’s docs/audit/ directory, and a reproducible build script is available in the ci/ folder.
Overall, Rust Coreutils 0.9 marks a clear step toward safer, faster system utilities. The combination of audit‑driven hardening, reduced unsafe code, and kernel‑level I/O optimizations positions the project as a viable replacement for the legacy GNU suite, especially in security‑sensitive distributions that are willing to adopt the newer binaries before full test‑suite parity is achieved.
Comments
Please log in or register to join the discussion