Maybe "rewrite it in Rust" is annoying, but from my point of view "Rust doesn't prevent every bug ever, so you should just use C or C++" is much more annoying.
Replying to @pcwalton
Would you prefer: (a) run C untrusted input parser in a tight, audited sandbox, or (b) run Rust untrusted input parser in a sensitive unsandboxed process?
3 replies 0 retweets 7 likes
Replying to @Gok
Depends on the quality of the unsafe code in the Rust parser. I like sandboxes, but I don’t have unlimited confidence in them given the attack surface of the interface to the TCB (kernel, trusted broker process, etc.)
10:48 PM - 28 Jan 2020
0 replies
0 retweets
15 likes