sudo & su Being Rewritten In Rust For Memory Safety


  • #41
    Originally posted by marios
    In other words, the cargo cult™ behaves like a cult.
    Will it defeat C cult™?



    • #42
      Originally posted by dragon321

      Will it defeat C cult™?
      No, Rust will have to use FFI/bindgen to call into it in order to co-exist.



      • #43
        Originally posted by meklu

        Not even that, we can run all code in kernel mode instead of user mode. Think of all the efficiency savings we get from eliminating mode switches!
        This has already been tried, in the form of OSv by Avi Kivity.



        • #44
          Originally posted by dlq84

          Nobody ever said it was. Why is this such a common strawman?

          Report after report says that switching from C or C++ to Rust results in a 70% reduction of security issues. I don't get why people think that's a bad thing. Unless they are religious over their choice of programming language, and refuse to adapt to the modern world.
          I don't intend it as a strawman (I'm actually rewriting as many of my projects as is feasible in Rust for better compile-time correctness and maintainability)... it's just a caution about rewrites of any kind.

          Mozilla mentioned how, while a Rust rewrite did allow them to parallelize their CSS layout after two failed attempts with C++, it also brought some regressions.

          However, there are classes of bugs that Rust explicitly does not address—particularly correctness bugs. In fact, during the Quantum CSS rewrite, engineers accidentally reintroduced a critical security bug that had previously been patched in the C++ code, regressing the fix for bug 641731. This allowed global history leakage via SVG image documents, resulting in bug 1420001. As a trivial history-stealing bug, this is rated security-high. The original fix was an additional check to see if the SVG document was being used as an image. Unfortunately, this check was overlooked during the rewrite.

          While there were automated tests intended to catch :visited rule violations like this, in practice, they didn’t detect this bug. To speed up our automated tests, we temporarily turned off the mechanism that tested this feature—tests aren’t particularly useful if they aren’t run. The risk of re-implementing logic errors can be mitigated by good test coverage (and actually running the tests). There’s still a danger of introducing new logic errors.



          • #45
            Originally posted by saladin
            Neat, but this looks like an independent rewrite that just started development. It'll take a while after reaching feature parity for distros to start packaging this over the 'real' sudo.

            Part of that is that the 'real' sudo is established and well studied. This is not. It's an uphill battle for these devs to get this adopted, and I wish them all the best.
            Yes, because Amazon is a small company with only 1 employee working on this in his spare time… oh wait. I'm 100% sure that because of Amazon, it won't take too long to reach feature parity and get it adopted.

            And I don't know what you mean by “well studied”, but sudo never had any audits.
            Last edited by Vistaus; 30 April 2023, 11:18 AM.



            • #46
              Originally posted by EvilHowl
              initiatives like will make people think that anything that is written in C or C++ is automatically memory unsafe and buggy and everything that is written in Rust is automatically memory safe and not buggy.

              That will hurt Rust in the long run.
              I disagree. There will be obvious benefits. It's like electric cars: people don't realize what toll on the environment it takes to produce the car parts, batteries, etc., but also the constant charging of your vehicle. But ultimately, electric cars are still better than ICE cars. And it's the same here: Rust is not a magic all-in-one solution, but it still has advantages over C/C++ and will make the end product better as a whole.



              • #47
                Originally posted by rclark
                <Sigh> Mature applications being rewritten in another language.... Seems like a waste of resources. Strange way to move 'forward'. When the next 'highly touted' language arrives say 'RustAwesoooome' will we rewrite it again, and again, and again????


                Why not let the Rust guys just write an AwesomeOS from the ground up? Then they'll be very happy to write all the memory safe code they want and let the rest of us get on with real work. When they are ready with a decent kernel, tools, DEs in a few years we can switch over to all the glorious AwesomeOS that will never have a memory problem and will be correctly written by all the wonderful Rust programmers out there and never see a virus, errors, or any problems ever again. Seems like a winner. Then they don't have to taint the current Linux Kernel with their high expectations and goals. They'll have it all in the AwesomeOS. No assembly, no Pascal, no C, and especially no C++ ... just pure Rust applications allowed on the system. Seems 'reasonable' Ha!
                You mean like Redux?



                • #48
                  don't get why people think that's a bad thing.
                  Not a bad thing (although fad languages do come and go). No, my point was it is already written. Has been working for years, so the bugs had mostly been worked out I suspect... Including memory type problems. So why rewrite at this point? Move on. Write some 'new' stuff in Rust if you want with the '70% reduction in security issues' if that turns your crank. I have no problem with that.

                  You mean like Redux?
                  Yep. Catches on, it can become the future Linux replacement OS. If Rust lasts that long...



                  • #49
                    Originally posted by Vistaus

                    I disagree. There will be obvious benefits. It's like electric cars: people don't realize what toll on the environment it takes to produce the car parts, batteries, etc., but also the constant charging of your vehicle. But ultimately, electric cars are still better than ICE cars. And it's the same here: Rust is not a magic all-in-one solution, but it still has advantages over C/C++ and will make the end product better as a whole.
                    I don't think comparing C or C++ to ICE cars is fair. We are not talking about dead technologies.

                    C++ has many flaws, like every programming language, but I don't believe it's part of the past, outdated or EOL, like many people tend to believe. It is constantly (albeit slowly) evolving and is getting a lot of features (std::format, std::print, std::stacktrace, ranges, ...) and improvements on every new standard version. It's only going to get better and it's going nowhere, for sure.

                    By the way, people that say "C/C++" often think that they are basically the same thing. Do note that while C and C++ may look somewhat similar, C is not a subset of C++. They are very independent languages with different ISO working groups and different features, made for different things. A C developer is not a C++ developer, or the other way around.



                    • #50
                      Originally posted by rclark
                      Not a bad thing (although fad languages do come and go). No, my point was it is already written. Has been working for years, so the bugs had mostly been worked out I suspect... Including memory type problems. So why rewrite at this point? Move on. Write some 'new' stuff in Rust if you want with the '70% reduction in security issues' if that turns your crank. I have no problem with that.

                      You mean like Redux? Yep. Catches on, it can become the future Linux replacement OS. If Rust lasts that long...
                      There are 5 CVEs that start with 2023 just attributed to sudo, and 2 quite recent bugs are something Rust would fix (double free and array out of bounds).

                      Rust will last long. Microsoft does start new projects in Rust, new drivers will be Rust, a large part of Firefox is in Rust, Cloudflare uses Rust, Discord uses Rust, etc. The language has so much corporate backing that even if it was a horrible language it won't die. And it is a great language for its use.
