A bug lurking for 12 years gives attackers root on every major Linux distro https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/ by @dangoodin001
(Yes, I know m1n1 is written in C and will probably grow an attack surface once we support signed self-chainloads and I'm not terribly happy about that; wonder if I should try fuzzing FatFs...)
(The good news is the attack surface is fairly self-contained, so replacing the FAT+sigcheck implementation with a Rust one some day is certainly in the cards and ~nothing else really matters there.)
My problem with Rust is when I first tried it I got something ~simple working on it reasonably easily, and then I tried to architect something serious and failed miserably when I ran into how to make a certain API model interact with ownership. Probably jumped the gun...
If you can't figure out how to map a complex ownership model to unique ownership with borrows or reference counting, there's always the option to use a collection. Instead of using pointers, put the graph of objects in an array or map and use indexing to get to the nodes.
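
The collection-plus-indices approach from the last reply, sketched in Rust as an added example (not code from anyone in the thread or from m1n1). `Graph`, `Node`, `NodeId` and `mark_reachable` are hypothetical names chosen for illustration.

```rust
use std::collections::VecDeque;

/// Index into `Graph::nodes`; it plays the role a pointer would play in C.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct NodeId(usize);

pub struct Node {
    pub name: String,
    pub edges: Vec<NodeId>, // links are indices, not references
    pub visits: u32,
}
#[derive(Default)]
pub struct Graph {
    nodes: Vec<Node>, // the collection is the single owner of every node
}

impl Graph {
    pub fn add_node(&mut self, name: &str) -> NodeId {
        self.nodes.push(Node { name: name.to_string(), edges: Vec::new(), visits: 0 });
        NodeId(self.nodes.len() - 1)
    }
    /// Returns false (no panic) if either id is out of range.
    pub fn add_edge(&mut self, from: NodeId, to: NodeId) -> bool {
        if to.0 >= self.nodes.len() { return false; }
        match self.nodes.get_mut(from.0) {
            Some(n) => { n.edges.push(to); true }
            None => false,
        }
    }
    /// Breadth-first walk that mutates each node it reaches; cycles are fine.
    pub fn mark_reachable(&mut self, start: NodeId) -> Vec<String> {
        let (mut order, mut queue) = (Vec::new(), VecDeque::new());
        if start.0 < self.nodes.len() { queue.push_back(start); }
        while let Some(id) = queue.pop_front() {
            let node = &mut self.nodes[id.0];
            node.visits += 1;
            if node.visits > 1 { continue; } // already seen
            order.push(node.name.clone());
            queue.extend(node.edges.iter().copied());
        }
        order
    }
}

fn main() {
    let mut g = Graph::default();
    let (a, b) = (g.add_node("a"), g.add_node("b"));
    g.add_edge(a, b);
    g.add_edge(b, a); // a cycle, with no Rc or lifetimes involved
    println!("{:?}", g.mark_reachable(a));
}
```

A stale or wrong index here produces a bounds-checked failure or a `false` return rather than a dangling pointer, though it can still be a logic bug.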