Linux people doing Linux things, it seems.

  • LordKitsuna@lemmy.world
    link
    fedilink
    arrow-up
    64
    arrow-down
    3
    ·
    edit-2
    3 months ago

    They are amazing but at the end of the day they are still humans and they can make mistakes. In the YouTube video referenced one of the C devs is heavily against rust.

    Decided to go look for CVEs from code the guy manages (Ted Ts’o) I found these

    CVE-2024-42304 — crash from undocumented function parameter invariants

    CVE-2024-40955 — out of bounds read

    CVE-2024-0775 — use-after-free

    CVE-2023-2513 — use-after-free

    CVE-2023-1252 — use-after-free

    CVE-2022-1184 — use-after-free

    CVE-2020-14314 — out of bounds read

    CVE-2019-19447 — use-after-free

    CVE-2018-10879 — use-after-free

    CVE-2018-10878 — out of bounds write

    CVE-2018-10881 — out of bounds read

    CVE-2015-8324 — null pointer dereference

    CVE-2014-8086 — race condition

    CVE-2011-2493 — call function pointer in uninitialized struct

    CVE-2009-0748 — null pointer dereference

    Do you see a pattern in the type of error here? It’s pretty much entirely memory related and right in the wheelhouse of something rust would just outright not allow short of just slapping everything into unsafe blocks.

    The Old Guard is not perfect, and they are acting as a barrier to new talent coming in. Sometimes change is good and I’m heavily in the camp that rust one of those times. Linus seems to agree as he allowed the code into the kernel which he would never do lightly or just because it’s fomo