If they're really interested in re-writing things in Rust why don't they push one of the Rust native GUIs forward?


A crash reporter that uses GTK is useless if GTK crashes (yes, I have seen that before).

PC's are people too. They need sleep just like you and me.

Have you actually read the details of that CVE? I won't argue that windows isn't insecure, but that CVE is a total nothingburger.

The actual vulnerability is that it's not possible to pass untrusted input to CMD.EXE, because of the way it does argument parsing. This should surprise nobody. The only reason it's a CVE is that rust had made the bold claim that this was perfectly safe (and on unix systems with saner shells, it is). They've now bodged in a check to make rust programs bail out in weird parsing cases when safety of passing to CMD.EXE can't be assured. That's all.

Very, very few applications should actually need to pass ANYTHING to CMD.EXE these days. The actual impact among sane applications is probably nearly non-existent, since I very much doubt anyone writing in rust is passing much of anything to CMD.exe much less something untrusted.

I would argue that is not based on Rust's team own assessment calling it a critical security path

This is still the stupidest CVE I've ever seen, and doesn't deserve a 10/10. It's purely a failure to sanitize inputs, and the same "flaw" exists on every single language that currently exists (C, C++, Python, etc) but for some reason because it's Rust, it's suddenly a 10/10 CVE. And the CVE even mentions that the flaw exists on 10+ other languages, but only Rust gets the CVE filed against it.

I had my first crash in years today, and it took down the whole plasmashell. I guess it is more accurate to say firefox caused amdgpu to crash. The joy of switching to plasma6 on wayland.

It's not a path commonly followed. Few people should be submitting commands to CMD.exe instead of launching the program they want directly, and nobody should be feeding untrusted input into the shell.

The rust people are freaked out because they made a promise that they would (could) make this safe through clever filtering and escaping, and they take their promises VERY seriously. Rust goes as far as to have stronger stability guarantees than some of the stuff it relies on, like LLVM.

The rust developers are choosing to treat this just as seriously as if thousands of developers had relied on this promise in millions of applications, when in reality both numbers are probably in the single digits. In the grand scheme of things it was important to keep their promise for developers' sanity, but nobody in their right mind should have been leaning on this specific promise.

I trust since Rust developers are experts in their own software and therefore their own assessment that it is a critical security patch. You can choose to rely on your guesses that contradicts Rust developers.

Funny of you to blame this “vulnerability” on Windows when clearly the problem is that the people writing the runtimes for Rust, Go, Java etc. wrongly assumed that Windows and Unixlike shells must parse the arguments the same way. Different platforms — different rules.

Also, since when is passing unsanitized input to the shell considered a programming language runtime vulnerability? Guess I should file a CVE against glibc saying that ‘system("echo %s", user_input)’ may be used to execute arbitrary commands.

It's still a valid CVE. Rust doesn't stop anyone from implementing the wrong algorithm.