520
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 29 Aug 2024
520 points (98.7% liked)
Linux
48721 readers
947 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
It’s Ted Ts’o, the maintainer of the ext4 filesystem amongst other things.
Though you’re still accurate despite his seniority.
There's really only one valid response to Ted Ts'o:
If you think you can do better with C, prove it.
CVE-2024-42304 — crash from undocumented function parameter invariants
CVE-2024-40955 — out of bounds read
CVE-2024-0775 — use-after-free
CVE-2023-2513 — use-after-free
CVE-2023-1252 — use-after-free
CVE-2022-1184 — use-after-free
CVE-2020-14314 — out of bounds read
CVE-2019-19447 — use-after-free
CVE-2018-10879 — use-after-free
CVE-2018-10878 — out of bounds write
CVE-2018-10881 — out of bounds read
CVE-2015-8324 — null pointer dereference
CVE-2014-8086 — race condition
CVE-2011-2493 — call function pointer in uninitialized struct
CVE-2009-0748 — null pointer dereference
You seem really invested in pointing out those shortcomings. I respect that.
Arrogant hypocrites are a pet peeve of mine. If someone is going to act like progressive technology changes are beneath them and unnecessary, they should be able to put their money where their mouth is.
Somebody needs to send a public email to the kernel mailing lists with this
How many vulnerabilities have the kernel Rust team introduced in the same time period on the same code?
Let me know when you find one?
Memory ownership isn't the only source of vulnerabilities. It's a big issue, sure, but don't think rust code is invulnerable.
Of course. Rust isn't immune to logic errors, off-by-one mistakes, and other such issues. Nor is it memory safe in
unsafe
blocks.Just by virtue of how memory safety issues account for 50%+ of vulnerabilities, it's worth genuinely considering as long as the bindings don't cause maintainability issues.
The bindings cause maintainability issues. That's the problem.