by knorker
959 days ago
> how is it possible for a single dev team to totally reimplement it without unknowingly introducing at least a bug or two?

As someone with over three decades of C programming experience (so not as much as you), maintaining widely used stuff written in C for decades, that has recently switched from C and C++ as main languages for systems programming to Rust, I'd instead ask this: How is it possible, even given 43 years of working the problem, to create a program in C that does what it's supposed to, and only what it's supposed to?

But also, one of the answers from the article is "Leaving out less commonly used features so as to reduce attack surface". Most security bugs in sudo are in features I don't use.

Rust isn't just memory safe. It's also orders of magnitude harder to accidentally make other mistakes, such as race conditions.