Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
-
Originally posted by bug77 View Post
I haven't tested uutils, but ripgrep is much faster than good old grep.
Look wise it was not my favorite, but the speed gained me.
Last edited by geearf; 28 April 2024, 07:03 AM.
Comment
-
Originally posted by ZeroPointEnergy View Post
Memory safety is nice, but I'm somehow concerned that to build this it has almost 300 dependencies. I'm not sure that is a win for security.
Holy modularity, Batman! You weren't kidding!
On one hand, having more small modules as opposed to fewer big ones means that any given module is likely more easily auditable, but on the other hand, the sheer number of modules makes the likelihood of an XZ Utils incident too high for my liking. Given how, well, core the coreutils are, if this gets widespread adoption, every module in that list is an XZ begging for a malicious actor to try to take over.
- Likes 2
Comment
-
Originally posted by theuserbl View Post
I have interpolated that line, without adding a saturation curve.
Then it will not be finished this year. But next year it will be.
My guess is that the lines will become asymptotic near the end.
Comment
-
Originally posted by wangling View Post
Although reason tells me that rewriting with rust may improve performance compatibility and maintainability. But some people clamoring to rewrite everything with rust does make me a bit annoyed.
Comment
-
Originally posted by QwertyChouskie View Post
Holy modularity, Batman! You weren't kidding!
On one hand, having more small modules as opposed to fewer big ones means that any given module is likely more easily auditable, but on the other hand, the sheer number of modules makes the likelihood of an XZ Utils incident too high for my liking. Given how, well, core the coreutils are, if this gets widespread adoption, every module in that list is an XZ begging for a malicious actor to try to take over.
In fact if systemd was written in Rust and had its dependencies managed by cargo, the XZ attack wouldn't have worked (the XZ crate's checksum wouldn't match).
- Likes 2
Comment
-
For me, the big win is how much easier it is to build Rust projects across operating systems and CPU architectures.
Having uutils support Windows and available via GitHub (releases or sources) is also really convenient.
I still don't know where the GNU coreutils sources are or if the SourceForge binaries for Windows are malware.
- Likes 2
Comment
-
Originally posted by jacob View Post
The likelihood of an XZ-style attack in a Cargo-based project is extremely small. Look at that URL: for every dependency there is a checksum. If you trust the upstream developers of coreutils, then unless you voluntarily do "cargo update", then - hash collisions aside - you can be certain that if you build coreutils, it will use the same exact code in the dependencies as what upstream expects. From this point of view, it's actually far more secure than the C/C++-style dependency management where it simply tells you to download library XYZ (or a distro package) but, in the best of cases, it checks its version number, not its actual contents.
In fact if systemd was written in Rust and had its dependencies managed by cargo, the XZ attack wouldn't have worked (the XZ crate's checksum wouldn't match).
- Likes 2
Comment
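The per-dependency checksum check described in the quoted post above, as an added example that is not part of the thread or of the uutils code: it reads the `checksum` field of a `[[package]]` entry in a `Cargo.lock` and compares it with the SHA-256 of a crate archive. The lockfile, the crate names `exampleapp` and `examplecrate`, and the archive bytes are constructed for the example, and it assumes the lockfile layout that stores one `checksum` per `[[package]]`.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the bytes of examplecrate-1.0.0.crate (hypothetical crate).
GOOD_ARCHIVE = b"constructed bytes standing in for a .crate archive"

# Constructed lockfile in Cargo.lock's layout; names and versions are made up.
SAMPLE_LOCK = f'''version = 3

[[package]]
name = "exampleapp"
version = "0.1.0"
dependencies = [
 "examplecrate",
]

[[package]]
name = "examplecrate"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "{hashlib.sha256(GOOD_ARCHIVE).hexdigest()}"
'''


def parse_lock(text):
    """Map (name, version) -> string fields of each [[package]] table."""
    packages = {}
    for block in text.split("[[package]]")[1:]:
        # Only single-line string fields are needed; dependency arrays are skipped.
        fields = dict(re.findall(r'^(\w+) = "([^"]*)"$', block, flags=re.M))
        packages[(fields["name"], fields["version"])] = fields
    return packages


def verify(lock_text, name, version, archive_bytes):
    """Compare an archive's SHA-256 with the checksum pinned in the lockfile."""
    pkg = parse_lock(lock_text).get((name, version))
    if pkg is None:
        return "not-in-lockfile"
    expected = pkg.get("checksum")
    if expected is None:
        # Workspace members, path and git dependencies carry no checksum entry.
        return "no-checksum"
    actual = hashlib.sha256(archive_bytes).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


if __name__ == "__main__":
    print(verify(SAMPLE_LOCK, "examplecrate", "1.0.0", GOOD_ARCHIVE))
    print(verify(SAMPLE_LOCK, "examplecrate", "1.0.0", GOOD_ARCHIVE + b"\x00"))
    print(verify(SAMPLE_LOCK, "exampleapp", "0.1.0", b""))
```

A match shows the archive is byte-for-byte the one recorded when the lockfile was written; it says nothing about whether those contents were reviewed.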