Rust Coreutils 0.9 has been released as a security-focused update to the Rust-based reimplementation of GNU Coreutils. This version introduces extensive filesystem hardening, reduces unsafe code, improves GNU compatibility, and enhances performance.
For those unfamiliar, uutils Coreutils is a Rust implementation of standard command-line utilities provided by GNU Coreutils, such as cp, mv, rm, ls, cat, head, tail, wc, chmod, and so on. The project aims to offer compatible replacements for these tools while leveraging Rust’s safety model and modern tooling.
Key security changes in Rust Coreutils 0.9 include the new TOCTOU-resistant uucore::safe_copy module. The release also provides TOCTOU (time-of-check to time-of-use) fixes for cp, mv, and recursive chmod, as well as improved rm protection for dot and dot-dot path parsing.
Other security improvements include creating nohup.out with mode 0600 and resolving all IDs before entering the chroot environment.
This release also continues to reduce unsafe Rust code, with dozens of unsafe code removals across utilities, tests, fuzz targets, and shared uucore components. Low-level syscall usage is also transitioning from nix and libc to rustix in tools such as id, tr, timeout, sort, wc, tail, cp, who, and factor.
Performance improvements in this release include zero-copy I/O fast paths using Linux mechanisms such as splice(), tee(), and pipe() in tools like cat, wc, head, tail, yes, cp, tee, and unexpand.
The release notes highlight a 7.5% improvement for unexpand, faster cp performance when reading from a pipe on Linux, tee enhancements through raw syscalls, and yes now using the tee syscall.
Regarding GNU compatibility, Rust Coreutils 0.9 updates its GNU reference from Coreutils 9.10 to 9.11, expanding the upstream test suite from 665 to 690 tests. Consequently, the number of failing tests increased from 21 to 56. The project notes that the increase in failing tests is due to the expanded GNU test suite, not regressions in existing functionality.
On top of that, several utilities received GNU compatibility fixes, including numfmt, date, tr, cksum, factor, head, stat, and sort.
The ls command receives several improvements. Rust Coreutils 0.9 fixes ls -lF symlink target indicators, corrects link-count column behavior for files with ACLs, addresses version-sorting and recursive-mode issues, and improves permissions-column width handling.
Additionally, ls has been refactored so crate users, including Nushell, can call it without requiring all output to be written directly to standard output.
Finally, cross-platform support has expanded, with this release adding WASI and WebAssembly support for ln, dd, mktemp, and tty.wasm, as well as Cygwin CI and build improvements for tools such as date and stdbuf. Windows support for tty, including MSYS2 paths, has also improved.
For additional details, see the changelog.
