Baraza
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
Hal-5700X@sh.itjust.works to Technology@lemmy.worldEnglish ·
edit-2
5 months ago

Linux Kernel Rust Code Sees Its First CVE Vulnerability

www.phoronix.com

external-link
message-square
11
link
fedilink
127
external-link

Linux Kernel Rust Code Sees Its First CVE Vulnerability

www.phoronix.com

Hal-5700X@sh.itjust.works to Technology@lemmy.worldEnglish ·
edit-2
5 months ago
message-square
11
link
fedilink
alert-triangle
You must log in or # to comment.
  • tekato@lemmy.world
    link
    fedilink
    English
    arrow-up
    31    ·
    5 months ago

    JavaScript would have prevented this.

  • ryannathans@aussie.zone
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    12    ·
    5 months ago

    What’s the point of rewriting parts of the kernel in unsafe rust?

    • Eager Eagle@lemmy.world
      link
      fedilink
      English
      arrow-up
      18      ·
      5 months ago

      it’s not like the whole driver is written in unsafe rust

    • ark3@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      9      ·
      5 months ago

      unsafe is usually used only when you need to interact with something else like low level or ffi

    • Hal-5700X@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      16      ·
      5 months ago

      Because Rust is the popular thing in FOSS/Linux at the moment.

      • ryannathans@aussie.zone
        link
        fedilink
        English
        arrow-up
        18
        arrow-down
        1        ·
        5 months ago

        For memory safety, which is not unsafe rust

        • Hal-5700X@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          5          ·
          5 months ago

          You say that. But the CVE is a memory corruption bug.

          • Dave.@aussie.zone
            link
            fedilink
            English
            arrow-up
            39
            arrow-down
            2            ·
            5 months ago

            Which is worse?

            • Entire driver written in a non memory safe language?
            • The interface to the rest of the kernel is marked as unsafe and then the other X percent is safe from memory corruption?

            Surely if X > 0 then this is still a net improvement?

            • sik0fewl@lemmy.ca
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              1              ·
              5 months ago

              I don’t know, but I found this article interesting with respect to unsafe Rust - https://lightpanda.io/blog/posts/why-we-built-lightpanda-in-zig

          • JustAnotherKay@lemmy.world
            link
            fedilink
            English
            arrow-up
            7            ·
            5 months ago

            They’re not calling Rust unsafe. There is a memory safe mode and a memory unsafe mode in Rust, and this was built in unsafe Rust which allowed for the memory bug to be exploited

          • ryannathans@aussie.zone
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2            ·
            5 months ago

            You don’t understand what unsafe means

Technology@lemmy.world

technology@lemmy.world

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

  • @L4s@lemmy.world
  • @autotldr@lemmings.world
  • @PipedLinkBot@feddit.rocks
  • @wikibot@lemmy.world
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 800 users / day
  • 3.52K users / week
  • 7.39K users / month
  • 15.5K users / 6 months
  • 3 local subscribers
  • 84.7K subscribers
  • 13.7K Posts
  • 295K Comments
  • Modlog
  • mods:
  • L3s@lemmy.world
  • enu@lemmy.world
  • Technopagan@lemmy.world
  • L4sBot@lemmy.world
  • BE: 0.19.14
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org