Date: Fri, 6 Sep 2024 18:27:05 -0400
From: Joe Schaefer <joesuf4@gmail.com>
To: Alan Somers <asomers@freebsd.org>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: The Case for Rust (in any system)
Message-ID: <CAOzHqcL1pZxQCnUSXsKzdhCgEdTD0_fFVPPMN-OsMx-LVsEJbw@mail.gmail.com>
In-Reply-To: <CAOtMX2iCNX5OkdeghnbmcMrO0UYWwm4zfxFSZGznOznu%2Bmh5rA@mail.gmail.com>
References: <CAOtMX2iCNX5OkdeghnbmcMrO0UYWwm4zfxFSZGznOznu%2Bmh5rA@mail.gmail.com>

What a goofy thing to say.

On Thu, Sep 5, 2024 at 2:09 PM Alan Somers <asomers@freebsd.org> wrote:

> By now I expect that most of you have seen the long list of new
> security advisories that just came out. Strikingly, all were the
> result of memory handling errors. And none of them wouldn't have
> happened if their respective programs had been written in a
> memory-safe language.
>
> In fact, of all the C bug fixes that I've been involved with (as
> either author or reviewer) since May, about three quarters could've
> been avoided just by using a better language.
>
> The real takeaway here is that C is no longer sufficient for writing
> high quality code in the 2020s. Everyone needs to adapt their tools.
> Programmers who don't will increasingly come to resemble experimental
> archaeologists, i.e. people who learn flintknapping to "keep the
> knowledge alive". Such people are valuable, but definitely niche. I
> for one don't want my career to go in that trajectory.
>
> To summarize, here's the list of this week's security advisories, and
> also some other recent C bug fixes of my own involvement:
>
> Buffer overflow
> ===============
> https://cgit.freebsd.org/src/commit/?id=3aaaca1b51ad844ef9e9b3d945217ab3dd189bae
> CVE-2024-45288 FreeBSD-SA-24:09.libnv
> https://cgit.freebsd.org/src/commit/?id=a06fc21e770a482c8915411ebc98c870e42dd29b
> CVE-2024-41928 FreeBSD-SA-24:10.bhyve
> https://cgit.freebsd.org/src/commit/?id=af438acbfde3d25dbdc82b2b3d72380f0191e9d9
> CVE-2024-42416 FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=db87c98168b1605f067d283fa36a710369c3849d
> FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=5c9308a4130858598c76f3ae6e3e3dfb41ccfe68
> CVE-2024-32668 FreeBSD-SA-24:12.bhyve
>
> Integer overflow
> ================
> https://cgit.freebsd.org/src/commit/?id=36fa90dbde0060aacb5677d0b113ee168e839071
> CVE-2024-45287 FreeBSD-SA-24:09.libnv
> https://cgit.freebsd.org/src/commit/?id=c3e6dfe55c0e81d0717b0458bc95128384c3ebe8
> FreeBSD-SA-24:14.umtx
>
> Use after free
> ==============
> https://cgit.freebsd.org/src/commit/?id=670b582db6cb827a8760df942ed8af0020a0b4d0
> CVE-2024-45063 FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1
> CVE-2024-43102 FreeBSD-SA-24:14.umtx
>
> Uninitialized memory access
> ===========================
> https://cgit.freebsd.org/src/commit/?id=ea44766b78d639d3a89afd5302ec6feffaade813
> CVE-2024-8178 FreeBSD-SA-24:11.ctl
> https://cgit.freebsd.org/src/commit/?id=0f2b2276abc305905e7d88619a7abca26b0dd7eb
>
> Memory Leaks
> ============
> https://cgit.freebsd.org/src/commit/?id=2909ddd17cb4d750852dc04128e584f93f8c5058
>
> Incorrect union member access
> =============================
> https://cgit.freebsd.org/src/commit/?id=9a5a7c90d5e5971fe2b9c9265e9279a6f173a8f3
> CVE-2024-6119 FreeBSD-SA-24:13.openssl
>
> Concurrent unsynchronized memory access
> =======================================
> https://cgit.freebsd.org/src/commit/?id=1f5bf91a85e93afa17bc9c03fe7fade0852da046
>
> RAII
> ====
> https://cgit.freebsd.org/src/commit/?id=4b3141f5d5373989598f9447ab5a9f87e2d1c9fb
>
> Unchecked errors [^1]
> ======================
> https://cgit.freebsd.org/src/commit/?id=35f4984343229545881a324a00cdbb3980d675ce
> https://cgit.freebsd.org/src/commit/?id=eced2e2f1e56b54753702da52a88fccbe73b3dcb
> https://cgit.freebsd.org/src/commit/?id=f625d038d2ae59fa1ae81b76079da464ed6db61a
>
> Not preventable by a safer programming language
> ===============================================
> https://cgit.freebsd.org/src/commit/?id=7d6932d20aedbbb220cd78e90ab4e82d1abaad31
> https://cgit.freebsd.org/src/commit/?id=6efba04df3f8c77b9b12f1df3e5124a7249b82fc
> https://cgit.freebsd.org/src/commit/?id=4b72bab96e8978eaed30fd44f7f51e1b4918d4db
> https://cgit.freebsd.org/src/commit/?id=b64afa41d56e98b5817aaf14c7deb0fa7e2142fb
>
> [^1]: while not memory-safety bugs, Rust's lints actually make
> ignoring errors like this pretty difficult. So I consider these bugs
> to have been preventable.
