Sigh. We need to stop writing security-critical code in C.
Quote Tweet
A bug lurking for 12 years gives attackers root on every major Linux distro arstechnica.com/information-te by @dangoodin001
(Yes, I know m1n1 is written in C and will probably grow an attack surface once we support signed self-chainloads and I'm not terribly happy about that; wonder if I should try fuzzing FatFs...)
(The good news is the attack surface is fairly self-contained, so replacing the FAT+sigcheck implementation with a Rust one some day is certainly in the cards and ~nothing else really matters there.)
(Or just make it Rust from the get-go since that code doesn't even exist yet. Might be a good excuse to finally learn it properly...)
My problem with Rust is when I first tried it I got something ~simple working on it reasonably easily, and then I tried to architect something serious and failed miserably when I ran into how to make a certain API model interact with ownership. Probably jumped the gun...