ripgrep is so cool; we need more basic utilities reimagined for modern use cases and reimplemented in languages that aren't security disasters https://github.com/BurntSushi/ripgrep/releases/tag/11.0.0 …
Replying to @johnregehr @vyodaiken
Howard Chu Retweeted RustSec
Yes it does. https://mobile.twitter.com/RustSec/status/1031908818936987650 … In both C and rust, braindead libraries can break your program.
2 replies 0 retweets 1 like -
Howard Chu Retweeted Howard Chu
And it's easy to make bulletproof libraries to replace the shitty standard libraries in C. https://mobile.twitter.com/hyc_symas/status/1102573036534972416 …
2 replies 0 retweets 0 likes -
The difference is that nothing stops people from passing bad pointers into your "bulletproof" strcpy. Absence of undefined behavior in Rust can be verified (formally or otherwise) at unsafe module boundaries; the same verification can only be done at *process* boundaries in C.
1 reply 0 retweets 9 likes -
Replying to @awesomeintheory @hyc_symas and
Since in most Rust repositories (including ripgrep) the amount of unsafe code is orders of magnitude smaller than the amount of code running in the process, this is a pretty significant practical win. Empirically, Rust's stdlib has had *very* few CVEs since it became stable.
1 reply 0 retweets 7 likes -
Shouldn't the amount of unsafe code in a simple user app that scans files for regexps be *zero*? If the language "doesn't have buffer overflows" shouldn't the number of library CVEs have always been zero?
3 replies 0 retweets 0 likes -
Replying to @hyc_symas @awesomeintheory and
Rust will never completely eliminate all memory safety bugs. But it should (and does) significantly reduce their frequency.
2 replies 0 retweets 9 likes -
Replying to @burntsushi5 @hyc_symas and
I would add that in principle, Rust *can* eliminate all undefined behavior in verified unsafe code and any safe code that calls out to it (or will be able to once the formal model becomes realistic enough). But of course not all memory safety bugs are due to undefined behavior.
3 replies 0 retweets 2 likes
Rust programs can and WILL get CVEs for memory safety bugs. The point is that their incidence should drop dramatically relative to roughly equivalent programs written in memory unsafe languages.
Replying to @burntsushi5 @awesomeintheory and
ya there's a world of difference between "safe by default" and "unsafe by default"
0 replies 1 retweet 4 likes