Sudo's maintainer needs resources to keep utility updated • The Register

Regulation Reporter

Todd C. Miller, the sole maintainer of the critical sudo utility for over 30 years, is seeking sponsorship to continue development after his former employer ended support in 2024.

For over three decades, Todd C. Miller has been the sole maintainer of sudo, the ubiquitous Unix utility that allows authorized users to execute commands with elevated privileges. Now, after 30+ years of maintaining this critical piece of infrastructure, Miller is seeking sponsorship to continue his work on the project.

Miller's situation highlights a persistent challenge in the open-source ecosystem: critical software components often rely on the dedication of individual maintainers who work with minimal recognition or financial support. This pattern has become increasingly visible in recent years, with projects like Ubuntu Unity and the NGINX Ingress Controller facing similar challenges.

The critical role of sudo

For those unfamiliar with Unix-like systems, sudo (which stands for "superuser do") is a command-line utility that enables authorized users to run specific commands as another user, typically the superuser, under tightly controlled policy rules. It serves as a fundamental security mechanism, allowing system administrators to grant selective elevated privileges without sharing root passwords or requiring constant root logins.

Without tools like sudo, administrators would need to rely more heavily on direct root logins or broader privilege escalation mechanisms, significantly increasing both operational risk and attack surface. The utility's importance cannot be overstated—it's essentially a cornerstone of modern Unix and Linux system administration.

A 30-year maintenance journey

Miller has been at the helm of sudo since 1993, making him one of the longest-serving maintainers in the open-source world. His former employer, Quest Software, served as sudo's sponsor beginning in 2010, but this sponsorship ended in February 2024, coinciding with Miller's departure from Quest subsidiary One Identity.

Despite the loss of corporate sponsorship, sudo updates have continued to flow. The project's changelog shows numerous updates since February 2024, demonstrating Miller's ongoing commitment to the utility. However, the message on his personal website requesting sponsorship has remained active for over two years, suggesting that individual contributions through platforms like GitHub aren't sufficient to fully support his continued work.

Security challenges and modern alternatives

The need for continued sudo maintenance is underscored by the security vulnerabilities that have emerged over the years. In 2021, researchers identified a heap buffer overflow bug that had existed for more than a decade, allowing any local user to gain root-level privileges despite not being authorized to run sudo commands.

Memory safety issues have been a recurring theme for sudo, prompting the development of sudo-rs—a complete reinvention of the utility written in Rust. The memory-safe language promises to eliminate entire classes of vulnerabilities that have plagued the original implementation. Ubuntu made the switch to sudo-rs as the default implementation with the release of Ubuntu 25.10 in October 2025.

The emergence of sudo-rs raises questions about sudo's future trajectory. Will the original sudo cede more ground to its Rust-based counterpart? The answer may depend significantly on whether Miller secures sustainable funding for continued development.

The broader open-source maintenance crisis

Miller's predicament reflects a systemic issue in the open-source world. Critical infrastructure projects often depend on the goodwill and personal resources of individual maintainers who may lack institutional support. This creates a precarious situation where essential tools could falter if maintainers burn out or need to prioritize paid work.

The situation is compounded by the increasing complexity of security threats and the growing reliance on open-source components across the software industry. As one developer noted, maintainers are increasingly drowning in low-quality bug reports, with some suggesting that AI-generated submissions are adding to the burden.

Looking forward

As Miller continues his search for sponsorship, the future of sudo hangs in the balance. The utility remains a critical component of Unix and Linux systems worldwide, and its maintenance requires specialized knowledge accumulated over decades.

The open-source community now faces a choice: continue relying on the dedication of individuals like Miller without adequate support, or develop sustainable models for funding the maintenance of critical infrastructure. The answer to this question will shape the security and reliability of the digital systems we all depend on.

For organizations that rely on sudo—which is to say, virtually every organization running Unix or Linux systems—Miller's call for sponsorship represents an opportunity to invest in the security and stability of their own infrastructure. The question is whether they'll recognize this opportunity before it's too late.

We reached out to Miller for comment on sudo's future but did not receive a response by publication time.
