
Rust is not a panacea against vulnerabilities


  • Rust is not a panacea against vulnerabilities

    As a reminder that just using Rust will not solve all problems, a report on the oss-security list led me to

    What I found particularly concerning was the following part of the description:
    When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to
    I find the idea of malicious crates being able to squat on surprising, but overall it's no different from vulnerabilities in other languages which can by default pull in external code over the internet. Fortunately most people will have long ago stopped using that version, so I'm just mentioning this for the next time someone posts "use rust" in a thread.

  • #2
    Bullet 2 is the key point I wanted to make. Contrary to some of the hyperbole that we hear, Heartbleed wasn't the result of incompetence on the part of programmers; but rather, them being lulled into idioms that C makes convenient (this isn't an attempt to malign C, just an observation about idiomatic practices). You can argue that these idioms should never be used, and that's a fair argument. All I mean to say is that I think Rust tries to move you away from thinking that way by discouraging "unsafe" AND, as a result of that, making us all more careful about what we do when we do cross over to the dark side.


    • #3
      That's a fair criticism, but Rust never really promised to deal with all security issues ever: it promises to eliminate memory related vulnerabilities.
      Any language flexible enough to do any kind of useful work will allow you to `system(curl | /bin/sh)` from the network.
      Some parts of the work need the programmer to do it well.


      • #4
        Originally posted by zerothruster
        I'm just mentioning this for the next time someone posts "use rust" in a thread.
        Oh right. C is perfectly fine and just as safe as Rust because Rust has had more than 0 CVEs in its entire existence.
        Makes sense.