This is a reminder to everyone that security is more than just memory safety. https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10
@harrysintonen I thought with such a type-safe language, things like the buffer forgotten to erase in one case couldn’t happen, or so proponents tell me. 😹🙀😾🤬🤮
@harrysintonen @jmtd it’s written by an OpenBSD dev so I’m less surprised
@mirabilos @harrysintonen Erasing freed memory is not part of the language standard, it's on the programmer to apply right management in case of memory drops.
Always was. Always is.
@michalfita @harrysintonen yes but cannot you define it as part of the type?
@michalfita @harrysintonen erm, erase before freeing, ofc, duh
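One way to make the erase-before-free step part of the type, as asked above. This is an added example, not part of the thread and not sudo-rs code; `Secret` and `bytes_after_drop` are hypothetical names and the password is a constructed sample value.

```rust
use std::mem::MaybeUninit;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical wrapper: a fixed-size secret that is overwritten with
/// zeros whenever a value of this type is dropped.
#[repr(transparent)]
pub struct Secret<const N: usize>([u8; N]);

impl<const N: usize> Secret<N> {
    pub fn new(bytes: [u8; N]) -> Self {
        Secret(bytes)
    }

    /// Borrow the secret; callers get a reference, not a copy.
    pub fn expose(&self) -> &[u8; N] {
        &self.0
    }
}

impl<const N: usize> Drop for Secret<N> {
    fn drop(&mut self) {
        for b in self.0.iter_mut() {
            // Volatile store: the optimizer may not remove it as a dead write.
            unsafe { ptr::write_volatile(b, 0) };
        }
        // Keep the compiler from reordering later code before the wipe.
        compiler_fence(Ordering::SeqCst);
    }
}

/// Runs the destructor in place and returns what is left in the storage.
/// The MaybeUninit slot still owns the memory, so reading it back is valid.
pub fn bytes_after_drop<const N: usize>(secret: Secret<N>) -> [u8; N] {
    let mut slot = MaybeUninit::new(secret);
    unsafe {
        ptr::drop_in_place(slot.as_mut_ptr());
        ptr::read_volatile(slot.as_ptr() as *const [u8; N])
    }
}

fn main() {
    let pw = Secret::new(*b"hunter2!"); // constructed sample value
    assert_eq!(pw.expose(), b"hunter2!");
    // Limits: std::mem::forget skips Drop, and every move of the value
    // copies the bytes, so only the final location is wiped.
    println!("{:?}", bytes_after_drop(pw));
}
```

The wipe covers every normal drop path of the wrapper, but a secret that is copied into a plain buffer outside the wrapper is not protected by it.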
@jmtd @harrysintonen @mirabilos I think that's noteworthy: from what I've seen, all the tools in this Ubuntu Rust endeavour have seen more scrutiny and more press about things that otherwise wouldn't be covered in articles. At the same time, some Rust projects (tho idk about sudo-rs and uutils specifically) are far more trigger-happy on CVEs. I think it's a side effect of the culture.