Date: Fri, 6 Sep 2024 18:27:05 -0400
From: Joe Schaefer <joesuf4@gmail.com>
To: Alan Somers <asomers@freebsd.org>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: The Case for Rust (in any system)
Message-ID: <CAOzHqcL1pZxQCnUSXsKzdhCgEdTD0_fFVPPMN-OsMx-LVsEJbw@mail.gmail.com>
In-Reply-To: <CAOtMX2iCNX5OkdeghnbmcMrO0UYWwm4zfxFSZGznOznu%2Bmh5rA@mail.gmail.com>
References: <CAOtMX2iCNX5OkdeghnbmcMrO0UYWwm4zfxFSZGznOznu%2Bmh5rA@mail.gmail.com>

What a goofy thing to say.

On Thu, Sep 5, 2024 at 2:09 PM Alan Somers <asomers@freebsd.org> wrote:

> By now I expect that most of you have seen the long list of new
> security advisories that just came out. Strikingly, all were the
> result of memory handling errors. And none of them wouldn't have
> happened if their respective programs had been written in a
> memory-safe language.
>
> In fact, of all the C bug fixes that I've been involved with (as
> either author or reviewer) since May, about three quarters could've
> been avoided just by using a better language.
>
> The real takeaway here is that C is no longer sufficient for writing
> high quality code in the 2020s. Everyone needs to adapt their tools.
> Programmers who don't will increasingly come to resemble experimental
> archaeologists, i.e. people who learn flintknapping to "keep the
> knowledge alive". Such people are valuable, but definitely niche. I
> for one don't want my career to go in that trajectory.
>
> To summarize, here's the list of this week's security advisories, and
> also some other recent C bug fixes of my own involvement:
>
> Buffer overflow
> ===============
> https://cgit.freebsd.org/src/commit/?id=3aaaca1b51ad844ef9e9b3d945217ab3dd189bae
> CVE-2024-45288 FreeBSD-SA-24:09.libnv
> https://cgit.freebsd.org/src/commit/?id=a06fc21e770a482c8915411ebc98c870e42dd29b
> CVE-2024-41928 FreeBSD-SA-24:10.bhyve
> https://cgit.freebsd.org/src/commit/?id=af438acbfde3d25dbdc82b2b3d72380f0191e9d9
> CVE-2024-42416 FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=db87c98168b1605f067d283fa36a710369c3849d
> FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=5c9308a4130858598c76f3ae6e3e3dfb41ccfe68
> CVE-2024-32668 FreeBSD-SA-24:12.bhyve
>
> Integer overflow
> ================
> https://cgit.freebsd.org/src/commit/?id=36fa90dbde0060aacb5677d0b113ee168e839071
> CVE-2024-45287 FreeBSD-SA-24:09.libnv
> https://cgit.freebsd.org/src/commit/?id=c3e6dfe55c0e81d0717b0458bc95128384c3ebe8
> FreeBSD-SA-24:14.umtx
>
> Use after free
> ==============
> https://cgit.freebsd.org/src/commit/?id=670b582db6cb827a8760df942ed8af0020a0b4d0
> CVE-2024-45063 FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1
> CVE-2024-43102 FreeBSD-SA-24:14.umtx
>
> Uninitialized memory access
> ===========================
> https://cgit.freebsd.org/src/commit/?id=ea44766b78d639d3a89afd5302ec6feffaade813
> CVE-2024-8178 FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=0f2b2276abc305905e7d88619a7abca26b0dd7eb
>
> Memory Leaks
> ============
> https://cgit.freebsd.org/src/commit/?id=2909ddd17cb4d750852dc04128e584f93f8c5058
>
> Incorrect union member access
> =============================
> https://cgit.freebsd.org/src/commit/?id=9a5a7c90d5e5971fe2b9c9265e9279a6f173a8f3
> CVE-2024-6119 FreeBSD-SA-24:13.openssl
>
> Concurrent unsynchronized memory access
> =======================================
> https://cgit.freebsd.org/src/commit/?id=1f5bf91a85e93afa17bc9c03fe7fade0852da046
>
> RAII
> ====
> https://cgit.freebsd.org/src/commit/?id=4b3141f5d5373989598f9447ab5a9f87e2d1c9fb
>
> Unchecked errors [^1]
> ======================
> https://cgit.freebsd.org/src/commit/?id=35f4984343229545881a324a00cdbb3980d675ce
> https://cgit.freebsd.org/src/commit/?id=eced2e2f1e56b54753702da52a88fccbe73b3dcb
> https://cgit.freebsd.org/src/commit/?id=f625d038d2ae59fa1ae81b76079da464ed6db61a
>
> Not preventable by a safer programming language
> ===============================================
> https://cgit.freebsd.org/src/commit/?id=7d6932d20aedbbb220cd78e90ab4e82d1abaad31
> https://cgit.freebsd.org/src/commit/?id=6efba04df3f8c77b9b12f1df3e5124a7249b82fc
> https://cgit.freebsd.org/src/commit/?id=4b72bab96e8978eaed30fd44f7f51e1b4918d4db
> https://cgit.freebsd.org/src/commit/?id=b64afa41d56e98b5817aaf14c7deb0fa7e2142fb
>
> [^1]: while not memory-safety bugs, Rust's lints actually make
> ignoring errors like this pretty difficult. So I consider these bugs
> to have been preventable.