
   comp.os.linux.misc      Linux-specific topics not covered by oth      135,536 messages   


   Message 135,225 of 135,536   
   Richard Kettlewell to Chris Ahlstrom   
   Re: Python: A Little Trick For Every Nee   
   04 Feb 26 22:12:39   
   
   From: invalid@invalid.invalid   
      
   Chris Ahlstrom  writes:   
   > Richard Kettlewell wrote this post by blinking in Morse code:   
   >> The Natural Philosopher  writes:   
   >>> All languages are error prone.   
   >>   
   >> They are not all error-prone in _the same way_, and C stands out as   
   >> especially fragile. There are whole classes of vulnerability that either   
   >> don’t exist in other languages or need the programmer to much more   
   >> deliberately go ‘off piste’ before they can happen.   
   >   
   > How about assembler? :-)   
      
   In some ways safer than C. You still need explicit bounds checks (and so   
   on) but if you forget them the outcome is a bit more predictable than in   
   C.   
      
   >>> And blaming that for deficiencies in programmer quality  is just   
   >>> sticking your head in the sand.   
   >>   
   >> I’m not saying that there aren’t lazy and incompetent programmers. I   
   >> remember a colleague at a previous job proposing that we could work   
   >> faster by skipping bounds checking in network-facing code, because we   
   >> “knew” what maximum sizes the inputs would be. Obviously in C the   
   >> consequences (had anyone paid attention to that individual) would have   
   >> been vulnerabilities. In a language with automated bounds checking the   
   >> question wouldn’t even have arisen.   
   >   
   > I dunno, man, the Linux kernel is written in C and it works pretty   
   > well and safely.   
      
   2025 saw over 5,000 CVEs published for the Linux kernel. They do have   
   quite a liberal assignment policy, AIUI any bug relevant to the kernel’s   
   security posture gets a CVE without deeper analysis, but when you have   
   that rate of bugs, you’re not going to attempt a PoC for all of them:   
   the only realistic option is to fix them, log them, and move on to the   
   next one.   
      
   Even before they switched to that policy they’d been doing well over a   
   hundred CVEs per year for some time.   
      
   There’s a reason they’ve put in the effort to enable Rust in the kernel.   
      
   --   
   https://www.greenend.org.uk/rjk/   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
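The bounds-checking point in the thread (skipping the check on network-facing input because the maximum size is "known"), as an added C example that is not from the post or its author. The length-prefixed message format, the `msg` struct, `MAX_PAYLOAD` and the `parse_*` function names are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire format for this example: one length byte, then
 * that many payload bytes.  Nothing on the wire is to be trusted. */
#define MAX_PAYLOAD 16

struct msg {
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
};

/* The "we know the maximum size" parser from the thread: the length
 * byte is copied blindly.  A length above MAX_PAYLOAD makes memcpy
 * write past payload[], which is undefined behaviour in C.  Kept only
 * to show what the check below replaces; never run it on untrusted input. */
int parse_unchecked(const uint8_t *buf, size_t buflen, struct msg *out)
{
    if (buflen < 1)
        return -1;
    out->len = buf[0];
    memcpy(out->payload, buf + 1, out->len);
    return 0;
}

/* Same parser with the two checks a bounds-checked language would do
 * for you: the declared length must fit the destination, and the bytes
 * it promises must actually be present in the received packet. */
int parse_checked(const uint8_t *buf, size_t buflen, struct msg *out)
{
    if (buflen < 1)
        return -1;
    uint8_t len = buf[0];
    if (len > MAX_PAYLOAD)          /* would overflow payload[] */
        return -1;
    if ((size_t)len > buflen - 1)   /* would read past the packet */
        return -1;
    out->len = len;
    memcpy(out->payload, buf + 1, len);
    return 0;
}

/* Constructed sample packets exercising the happy path and both failure modes. */
static const uint8_t pkt_ok[]        = { 3, 'a', 'b', 'c' };
static const uint8_t pkt_oversized[] = { 200, 'x' };     /* len > MAX_PAYLOAD */
static const uint8_t pkt_truncated[] = { 5, 'a', 'b' };  /* claims 5, carries 2 */

int check_valid(void)     { struct msg m; return parse_checked(pkt_ok, sizeof pkt_ok, &m) == 0 && m.len == 3 && m.payload[2] == 'c'; }
int check_oversized(void) { struct msg m; return parse_checked(pkt_oversized, sizeof pkt_oversized, &m); }
int check_truncated(void) { struct msg m; return parse_checked(pkt_truncated, sizeof pkt_truncated, &m); }
```

`parse_unchecked` accepts the same valid packet but has no defined behaviour on the other two; the checked version rejects both before any copy happens.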
