Hal-5700X@sh.itjust.works to Technology@lemmy.worldEnglish · edit-25 months agoLinux Kernel Rust Code Sees Its First CVE Vulnerabilitywww.phoronix.comexternal-linkmessage-square11linkfedilinkarrow-up1129arrow-down12
arrow-up1127arrow-down1external-linkLinux Kernel Rust Code Sees Its First CVE Vulnerabilitywww.phoronix.comHal-5700X@sh.itjust.works to Technology@lemmy.worldEnglish · edit-25 months agomessage-square11linkfedilink
minus-squareryannathans@aussie.zonelinkfedilinkEnglisharrow-up18arrow-down12·5 months agoWhat’s the point of rewriting parts of the kernel in unsafe rust?
minus-squareEager Eagle@lemmy.worldlinkfedilinkEnglisharrow-up18·5 months agoit’s not like the whole driver is written in unsafe rust
minus-squareark3@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up9·5 months agounsafe is usually used only when you need to interact with something else like low level or ffi
minus-squareHal-5700X@sh.itjust.worksOPlinkfedilinkEnglisharrow-up14arrow-down16·5 months agoBecause Rust is the popular thing in FOSS/Linux at the moment.
minus-squareryannathans@aussie.zonelinkfedilinkEnglisharrow-up18arrow-down1·5 months agoFor memory safety, which is not unsafe rust
minus-squareHal-5700X@sh.itjust.worksOPlinkfedilinkEnglisharrow-up10arrow-down5·5 months agoYou say that. But the CVE is a memory corruption bug.
minus-squareDave.@aussie.zonelinkfedilinkEnglisharrow-up39arrow-down2·5 months agoWhich is worse? Entire driver written in a non memory safe language? The interface to the rest of the kernel is marked as unsafe and then the other X percent is safe from memory corruption? Surely if X > 0 then this is still a net improvement?
minus-squaresik0fewl@lemmy.calinkfedilinkEnglisharrow-up6arrow-down1·5 months agoI don’t know, but I found this article interesting with respect to unsafe Rust - https://lightpanda.io/blog/posts/why-we-built-lightpanda-in-zig
minus-squareJustAnotherKay@lemmy.worldlinkfedilinkEnglisharrow-up7·5 months agoThey’re not calling Rust unsafe. There is a memory safe mode and a memory unsafe mode in Rust, and this was built in unsafe Rust which allowed for the memory bug to be exploited
minus-squareryannathans@aussie.zonelinkfedilinkEnglisharrow-up2arrow-down2·5 months agoYou don’t understand what unsafe means
What’s the point of rewriting parts of the kernel in unsafe rust?
it’s not like the whole driver is written in unsafe rust
unsafe is usually used only when you need to interact with something else like low level or ffi
Because Rust is the popular thing in FOSS/Linux at the moment.
For memory safety, which is not unsafe rust
You say that. But the CVE is a memory corruption bug.
Which is worse?
Surely if X > 0 then this is still a net improvement?
I don’t know, but I found this article interesting with respect to unsafe Rust - https://lightpanda.io/blog/posts/why-we-built-lightpanda-in-zig
They’re not calling Rust unsafe. There is a memory safe mode and a memory unsafe mode in Rust, and this was built in unsafe Rust which allowed for the memory bug to be exploited
You don’t understand what unsafe means