Announcement

Collapse
No announcement yet.

sudo & su Being Rewritten In Rust For Memory Safety

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    *laughs in doas*

    Comment


    • #32
      Originally posted by ayumu View Post
      *laughs in doas*
      Came here to say this, screw sudo and its complicated configuration syntax! doas is all I need, simple and to the point, just how a security critical application should be.

      Comment


      • #33
        Headline is troll-bait as nothing is being rewritten.

        Comment


        • #34
          Originally posted by ssokolow View Post

          Funny you should say that. There was a RustConf 2022 talk named The Sheer Terror of PAM.
          And openbsd avoids both with daos + bsdauth. We need to explore alternative standards if there are weaknesses that are more fundamental, rather than just alternative implementations.

          Comment


          • #35
            Originally posted by jarekZ View Post

            initiatives like this are PR to get funding, first and foremost. As for real software, there's doas, for example. Just around 2k lines of code, i.e. almost no space to make CVE's - which is the real way to increase code security and reliability (unlike of RiiR)
            The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.


            "no space to make CVEs" my ass. One of them is even a classic C scanf problem.

            Comment


            • #36
              This is nice, I like rust applications a lot myself, maybe ill trial run this eventually

              Comment


              • #37
                Originally posted by RejectModernity View Post
                What's the point of this project? We already have sudo written in rust
                https://gitlab.com/edneville/please
                Bear in mind that it's a perfect example of how Rust isn't a magic bullet.

                Comment


                • #38
                  Originally posted by ssokolow View Post

                  Bear in mind that it's a perfect example of how Rust isn't a magic bullet.
                  Nobody ever said it was. Why is this such a common strawman?

                  Report after report says that switching from c or c++ to rust results in a 70% reduction of security issues. I don't get why people think that's a bad thing. Unless they are religious over their choice of programming language, an refuse to adopt to the modern world.
                  Last edited by dlq84; 30 April 2023, 02:55 AM.

                  Comment


                  • #39
                    I don't trust this. Things being rewritten with soon to be dead languages.

                    Comment


                    • #40
                      Originally posted by RejectModernity View Post
                      What's the point of this project? We already have sudo written in rust
                      https://gitlab.com/edneville/please
                      No one owes you any point behind free software. People will write free software and duplicate effort. It's normal. They might be learning a technology or trying to build a portfolio. Maybe they prefer how their own design works over existing ones.

                      The only time people think twice before duplicating effort is if they plan on selling a product and are afraid they can't compete over customers. And even then...they will often still duplicate effort and hope for the best. A successful market often attracts competition.

                      Comment

                      Working...
                      X